Manalyze report for d62e99c1fd4421ff659795745678f412

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-22 07:59:28
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`6000.0.61.7643309`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`6000.0.61f1 (74a0adb02c31)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 83.9824% of the executable.`
Safe	VirusTotal score: 0/68 (Scanned on 2026-02-13 22:14:07)	`All the AVs think this file is safe.`

Hashes

MD5	`d62e99c1fd4421ff659795745678f412`
SHA1	`23f7ed8d6880a2836d597c8b39d27201bbf7fcad`
SHA256	`6f9b766ee3afae7bbc075287780d573fa42a121d18d9db94417d889149f208f7`
SHA3	`cf9f426d8ee4df9efeef153b2035ea316415944f851eb95555b433a4dfd87210`
SSDeep	`12288:62NCDdJr3d4uBsuRgbJrw+uyKA603sKjpEJ3zl:WjhfaJnR8Kji`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Oct-22 07:59:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xde00`
SizeOfInitializedData	`0x97200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2775a5a7c1fa856e6a29a4f5a5229c31`
SHA1	`3e9ae8fdb588fe4aae22d549f8569008c887c898`
SHA256	`195697288171c6371920514965e3625060b55abd960ee1903baa797ef5e0bbfb`
SHA3	`fb39403bbfb970d14fc395dd6c3593ca3d0aec333b14d9249010a0924d269e75`
VirtualSize	`0xdc70`
VirtualAddress	`0x1000`
SizeOfRawData	`0xde00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46162`

.rdata

MD5	`68299b88d5be49d8db9ab19e299dd22c`
SHA1	`8be8d90c31b7a87101d1fe5a6520229c078c6590`
SHA256	`b4848ce8a0714daae0f874448a46cb049977086f8fff43219610d4744f1a3085`
SHA3	`60b2948f0a33db6a4215855efa847bec20f6dea842be755d2845f8987a1128e2`
VirtualSize	`0x977c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70208`

.data

MD5	`d284f7b260ed119794375a6998c5083c`
SHA1	`0944c690e2b7841e681f55d2a731910f8019f2ef`
SHA256	`79ebad17e73900bd4dd43a932cc832e1d907346973e16ac0af549524fa4b88b3`
SHA3	`0c023444d7239a9582798618879cf6e165fcae6d6eec1051c77592814b4894ad`
VirtualSize	`0x1d78`
VirtualAddress	`0x19000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x17a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.89847`

.pdata

MD5	`d67581e7561b613930fcc4c3ee52cdc5`
SHA1	`a43e835342a8235efb9f656bba5c170d21641a61`
SHA256	`4eaf2a70ebe02f5f76d3b133d8a74d7c7eee9267519fd6a6951de4bcb2ad617b`
SHA3	`0ccfeafaf338d1bcb9c719ffca72875595bea8d6aea16bd26baa2a4685e84170`
VirtualSize	`0xf24`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.67172`

_RDATA

MD5	`dd297010ea596c9b749ddc72fe421330`
SHA1	`3213e7a4b99366f1367f1b5dc97aa4853369a784`
SHA256	`420a70f17663b392f63eb448853ebc800a3f7cf9c6e0b78b7e421d671dd927fd`
SHA3	`f4660bd566f5561530bb0e40a752616d5a8180b7180fcf869790d48f9fb6e9bf`
VirtualSize	`0x1f4`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71477`

.rsrc

MD5	`034dd00217d385678655b07b42f54bf7`
SHA1	`a2eb58ed44e0f86e7282db1e231305f3924bfa9a`
SHA256	`b9514d184533552e5c0d7501e845841f593862a08377a1be68099d086be0e50c`
SHA3	`d7b28714cbf13e3dd1df27e076e46364f96bfb32a8a383e9f8d76f69326de3bf`
VirtualSize	`0x8a018`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x19800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.82328`

.reloc

MD5	`79918e2814a23b917e4a5494067a35d5`
SHA1	`eab8dd05e160cbff9fa1c348b6c35e7f161cf459`
SHA256	`cccb376562c958fee6ec06051a48d2c5c0232065e1000ce2d4b0775e46737238`
SHA3	`0fcd95a99b9b4e77c2e23089f450965a4028a243ef56d1928fdcfcebcc4b7120`
VirtualSize	`0x658`
VirtualAddress	`0xa8000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.87002`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x19004`

D3D12SDKPath

Ordinal	`2`
Address	`0x19008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xf320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x19000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.63883`
MD5	`b6690e86638d942e68d55d99ec1e0e9a`
SHA1	`861b7649d05b86637bb89017f1e1900a98ac0066`
SHA256	`0bca1c4a76be2e9d9854b47868dcf2ce415b2931fbec93d933b4350676030b53`
SHA3	`dd14ae84d9c8d9b262a748098ec98ab30bf513a4a252b2970b2005802e390efb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82747`
MD5	`959ae9862f95b0a93525a01d58939be7`
SHA1	`ca2ed5aeb9638e69a5b82472e45cfa95e576a356`
SHA256	`32628e5ec2fdc86290bd36c38c4d0505e6e7cfe71c79703e11cab35bbfb67d1f`
SHA3	`742c37bd337895fe2a8e59ad028527b3ecfcb2a6832ddf9a45d2e7797a6cb79c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88088`
MD5	`1635dd6b17bbcf1ea4623c80da89bd6c`
SHA1	`20baa0e471c3aa3578c0c2a96ba947f4badf1022`
SHA256	`94fb845c9f368e0dce3a0395d28eb4a819148f111708dde905546f1b828d2d13`
SHA3	`47deedd49d42b59d79b44cb06b671ff99352c02e0ed0bacd24a56ca33f21d7c3`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84913`
MD5	`1a9cfb31f8a05c90aadb27bc11ea3153`
SHA1	`a6241f5bbae78ad823064a245d3198b2b5396656`
SHA256	`d02a58362adc64c115bd685802a43f4875318d372bfd2430e07ee996652e2b00`
SHA3	`8e76f54df6d8f7072754594911a04e706a5e7067431259bd60a53676f35314fd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88273`
MD5	`310bdad23ea2f36a97590a1aa4ce287b`
SHA1	`4a7831bd886808b4a4537c59ae879f41fbb3e7b7`
SHA256	`e73bd5c78f437f7e713e25ce0fbfa16e8be043556cb32302054f2d8c427b6629`
SHA3	`6f70d77822ee03bff5ea62acf4c75f45f1aa6368a6b9398f0850c09a05efd6be`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86241`
MD5	`6b213409fe238ea7365bc0395eb117e1`
SHA1	`83f54fd6613cd2d10c4d30edbb4e066eda7dab07`
SHA256	`54a1a46de7280f45ed2ebe1141cde3acdd4dae1c5d3c07a2c0b77b9a711014cb`
SHA3	`e807bb60fd8dd1ca7aceabfacad19e9f8e84b16cd950d838a47845e2ec1ae078`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84464`
MD5	`b292f53606382e03b413f6263cb61a3a`
SHA1	`b743d74c3d52535b51d95391109b000aedbd59c2`
SHA256	`774a8ee58222de2f0bb68c042d57c8c78236b47291bd90269fa42588c475cbce`
SHA3	`2a656efcf195c7ed874364edc61d4880886d4662607ca101c9b9a53deb95c8e3`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82252`
MD5	`6526d8f951e52eab8581e085beaa875b`
SHA1	`caf453b067d8c8096b1827502ed94a1c027a915a`
SHA256	`30a3790092b4834802ba260ff5bbf3ed253f58613f722c0875ee24c12755ef5f`
SHA3	`44338e30bd3f3872d952ea725b699c60b05e2ac313e715d2dd6dc3a0bec592f0`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79212`
MD5	`e8767132651e28fc8446c84206c743f7`
SHA1	`a4cd6ee910502d17bd2f3cb03619ea25094b444a`
SHA256	`895db72b4cf2f9e66bf7462a0390007e90fd50b454dfb42867110753eb37df2a`
SHA3	`34b6655bc5b0e49d0f0d239b4782957f17c3dcce260848731dd5ec03515bb336`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x210`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51266`
MD5	`e0cd2f83e71514ba3a60233b10d69d18`
SHA1	`3433706c0e65845d56d0806df949f5e1c6030dcc`
SHA256	`8468a1433743927da1dae4f0802ab975327ba31d4342059d783a15b0e8325efc`
SHA3	`f7f8180ece1c17d0fcc3ed729776f016d138e34776293c0e2ef014ccc06bdfeb`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.0.61.41133
ProductVersion	6000.0.61.41133
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.0.61.7643309
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.0.61f1 (74a0adb02c31)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Oct-22 07:59:28
Version	`0.0`
SizeofData	`148`
AddressOfRawData	`0x16d58`
PointerToRawData	`0x15f58`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Oct-22 07:59:28
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x16dec`
PointerToRawData	`0x15fec`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-22 07:59:28
Version	`0.0`
SizeofData	`852`
AddressOfRawData	`0x16e00`
PointerToRawData	`0x16000`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140019040`

RICH Header

XOR Key	`0x7139305b`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Unmarked objects (#2)	`1`
Imports (28900)	`2`
C++ objects (33218)	`40`
C objects (33218)	`16`
ASM objects (33218)	`17`
Imports (33523)	`3`
Total imports	`89`
C++ objects (33523)	`2`
Exports (33523)	`1`
Resource objects (33523)	`1`
Linker (33523)	`1`

d62e99c1fd4421ff659795745678f412

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

D3D12SDKPath

D3D12SDKVersion

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors