Manalyze report for f7460321927b2ea3ee53412be379edf2595a990863de23787a2c6f6fbfe0cd16

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-01 12:10:08
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion	`6000.2.7.2838914`
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion	`6000.2.7f2 (2b518236b676)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.5615% of the executable.`
Safe	VirusTotal score: 0/70 (Scanned on 2026-06-05 12:48:12)	`All the AVs think this file is safe.`

Hashes

MD5	`1ff837285495a0792ff3689f5dea542b`
SHA1	`61e7a74877a62c4d58026f4a929d702f99f221e7`
SHA256	`f7460321927b2ea3ee53412be379edf2595a990863de23787a2c6f6fbfe0cd16`
SHA3	`d9f4f513440ba713bce5fa2610f3976622c3cbf34359d87be9cd5310206d43d4`
SSDeep	`6144:6aMjvuUwZpjUhLSZc3CjotPXL69kTQcCwUiDeKkidMlO/FswieoMJWAoeOpR1uk:6tVwZpwh/7QcCSCKkidcLUoAGtOMXzB`
Imports Hash	`a136217cdd3247ff6a8766561064ca0b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Oct-01 12:10:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001264 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`457fb5274ed18adc024e01b603e258a4`
SHA1	`159fdb99c377edc82c57d34217a711578edb0e63`
SHA256	`336709c08beca21a675f029c2d588ac0cae8cc8f42422039cbb827b6284374e5`
SHA3	`7d6db62af5f0503638e32b2c5a2ebd94056e5e490598ebed73cb0495875d3499`
VirtualSize	`0xcdb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45019`

.rdata

MD5	`1b53bbb76483e58c04abe87c6120e2b1`
SHA1	`3509817ecb12962abc86a6cd6e8de1240d525edd`
SHA256	`dc09dd0dddde95048f61718e8b2102e3bc4bef2dbf7deff1b93efc5aa2e88d8a`
SHA3	`12b6bdb7b60be7bbf434898167dc70bfb6ba59c60945304b1e74fe62d92dd707`
VirtualSize	`0x977c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69236`

.data

MD5	`0822db25bce65451a1219de812eea533`
SHA1	`bf4c918ff2184dfeba8cd4f98b21e11d75de05e7`
SHA256	`8987031a7fb9e9ffe2b44dad568693d86af933f2b44447b6f5c1159bd0750a79`
SHA3	`83fbc2d299cd2e5b71ce2f669f319b95fcab94178c620dd04d72a1071efde7b0`
VirtualSize	`0x1d88`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90767`

.pdata

MD5	`017f81338461c6b246bdb8ce1bf5fc08`
SHA1	`aa79861d4dea94c5fd283f1359435734dfb03517`
SHA256	`d1cc88f6e981b629ad1f47d33507ac8b71f82346871b690375752ffc69c6063d`
SHA3	`e197cfb7530afb455ed4ebbd26984d4562c62ea8c9c65f07f5d04c80970ee830`
VirtualSize	`0xec4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60208`

.rsrc

MD5	`f1bdd8173dba8dbc97317b06f4f89176`
SHA1	`3a53d9556ce48293923b2222a8d41365a60a6b01`
SHA256	`12af2def91c96a64f65e03ad9d10e350c413f75e4a6982105fedf7b799603716`
SHA3	`fb5df27c0c22b8e6cfdb8a86631de048fefb7fb6854a1a6b3dd526be893c0394`
VirtualSize	`0x8a018`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.57257`

.reloc

MD5	`3ab8a3a955e5040e25556085e21a2be2`
SHA1	`f29b173f0ea430d70ff0803cbaa89fa1d4d024d9`
SHA256	`119eed3c019ffdb0bba4cee06b80d85e78a679f1bb17317cbb6a352bb4102d7a`
SHA3	`a5c3cb0725d2fd68e14265c6e03629d6270e73c1f049eb78b3e40b7b2535d802`
VirtualSize	`0x658`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.86735`

Imports

UnityPlayer.dll	`UnityMain2`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

D3D12SDKPath

Ordinal	`2`
Address	`0x18008`

D3D12SDKVersion

Ordinal	`3`
Address	`0xe320`

NvOptimusEnablement

Ordinal	`4`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35086`
MD5	`8e6f3002b9b6aba394e224ff9439cfeb`
SHA1	`0651e4a9deb667e6f4735d4aaebdfdebb25ee3a1`
SHA256	`1830b2197f5e1f7c320e9cb2d78abc44ae4fc23e91b042045756f5b3162ae167`
SHA3	`3916691436e60d5f116777e964666e42cef302a7feb1a4e1c6de3af90b3b77e0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45248`
MD5	`9d4177cd9b403313eeb694be49e32be1`
SHA1	`ddb8dabcb92a15de83df2f839f694ec12edb7dee`
SHA256	`7baa6d57697b44ea033796653811a48b890d83130a25ba40cc03a7f35bda4313`
SHA3	`37c7d0f30633383fc81855a35cfb380c474a89f5602f6b87f7df7d0f6662d471`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4401`
MD5	`3c0c4a1326326269959c36ff133ac058`
SHA1	`bbea68e46a1b16d974701f3e36fa46fd22ac1635`
SHA256	`11f877ecc255da8fb6bf2d4f671846e6305d09f5f198eaf91a84546ef9a71af0`
SHA3	`3b88ce11a99dcdc8afc1c5e8df69ea9e08c204b62b58ef9e8a46faccdf575f24`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09875`
MD5	`85906b74f5b0ed3def28f039d1261eb1`
SHA1	`03c7ee20883634bff86ea5344632b8cea57815da`
SHA256	`ff59db2c9ca0df2a519260f8caf7277e503eff7a6a54c915d9514e14ed242b1b`
SHA3	`22f7add7eea3febc1d7ff704df5117cef61d13c43b16c1000d72cf6e75362cb5`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95296`
MD5	`df215ca478a48809ab10e826f095223c`
SHA1	`f6ba5f0fdde12726259b5de48b8e3c57a57cc70e`
SHA256	`59d94260a988193a389805fb93d918d376690d57eeaf4b37e0b7ac868aaae7c0`
SHA3	`7166fd68bf98957eff2b4e90f17b90a305728128c3f409085c3f1527e29724e9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77517`
MD5	`c3400f23b40e1e6d9e94af6b67ebc790`
SHA1	`629f834267df281fba746ec11f88333bb86a3f39`
SHA256	`1791a600fb143a310fc3a81a8fd8833b94ceb61ea633278c8e4fc1d6a2d15075`
SHA3	`de1e3883c3d546b8373d3fe078e0477886b2f7e6b79699cb267c8f3ad7bde517`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.66195`
MD5	`8ce0a45b29ce270ad38a9e3a478e7613`
SHA1	`e2640257756dad52df7ef92441deb847d2284cdf`
SHA256	`f0cc67cf157a5ecc2b12e91379a3adba7106b06e6570c8f3a15fb0ece7283ba5`
SHA3	`3fafa256344d3cc76d3b0b96bd4c171994d289ea50f9ac6be998a0e93757847d`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52311`
MD5	`b9da7c965717d061693c716941e6d96d`
SHA1	`7f72de5457d437b8e947eb13098c3bd3f96461d2`
SHA256	`6043b273a8886c8c8e4fc4047d81f349120f5071ee326ec65a2fdc1025c53fcd`
SHA3	`bca2f2b4ffe955319965c210ebd6b01b52eba3afc35119918edd55fd0f147db8`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.42738`
MD5	`7b4e09510e22dee873971675e3a385bf`
SHA1	`c15131d60d531e672f0aefd8331bdf132e4fd6d6`
SHA256	`646a9a4b0924fe40503370bdadf50a30e5ff8b165391e938869b769352235285`
SHA3	`2435e0d6524c369b4211f57f681571336ac5308d3bc3fe04c69ef2c263dc26d7`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`3bf2dac037ce87794e66ff7f054e913f`
SHA1	`52ca961fd37ad960905a681d1db5157508ef1602`
SHA256	`2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581`
SHA3	`8454d3273522657b5926068082b2cb88f6dbf352e7e9568008c0e33c792f349b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56374`
MD5	`e4b50d257cebbd63786d157a34b67f7e`
SHA1	`ff1b44c3a80512085463b3bd224942139852f76a`
SHA256	`d550a18bbd96f93515b8943e8d4ae144a6e1e080cac9fbbb921b68e5dedec67b`
SHA3	`7180a4e2d7500af08b75b49be73b6affbe8b935c4e4100f5828e00112486f70e`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24993`
MD5	`9df530c2f4fbe460da74e130d5d351a9`
SHA1	`f8719b6c74e0179556c1a18f214d6c1bbff8f823`
SHA256	`3c357bd1125971bda05bc59eaeca279da41715741e2535e9e75c94273b1c3a1f`
SHA3	`ce3dd46f87bd462f8730fca18daea6df444422f8d88b810aefbd7b2e62536dee`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6000.2.7.20866
ProductVersion	6000.2.7.20866
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	6000.2.7.2838914
LegalCopyright	(c) 2005-2025 Unity Technologies. All rights reserved.
ProductVersion (#2)	6000.2.7f2 (2b518236b676)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Oct-01 12:10:08
Version	`0.0`
SizeofData	`148`
AddressOfRawData	`0x15d68`
PointerToRawData	`0x14f68`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win_x64_VS2022_VB_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Oct-01 12:10:08
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15dfc`
PointerToRawData	`0x14ffc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-01 12:10:08
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x15e10`
PointerToRawData	`0x15010`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018040`

RICH Header

Errors

Leave a comment

No comments yet.