Manalyze report for 1fc0127772995ae5b8eb0cad3d75ec8d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Oct-03 16:05:27
Detected languages	English - United States
Debug artifacts	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb
FileVersion	`2022.3.50.12835711`
LegalCopyright	(c) 2005-2024 Unity Technologies. All rights reserved.
ProductVersion	`2022.3.50f1 (c3db7f8bf9b1)`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 84.7496% of the executable.`
Suspicious	VirusTotal score: 1/72 (Scanned on 2025-11-28 05:02:37)	`Trapmine: suspicious.low.ml.score`

Hashes

MD5	`1fc0127772995ae5b8eb0cad3d75ec8d`
SHA1	`1114a291aace510737be2ec1f517efe23d27e92e`
SHA256	`04ef97422ef6a11dffb1c0669d281f8defc083713f11fd3a1227af64d46893ef`
SHA3	`795e788f7c0c67f22cc3cd41fe465d5a1c2557e12657290fc31bfb7902aa8cc6`
SSDeep	`12288:O/744aOD88I9Jw7cUBN4WNNNNOiSGERkq77FP1ZWjInQLNmyyW8+oMd1zNXwEQ:c9aO58w7QsqjZYyWN1R/Q`
Imports Hash	`ce1183cc150987a99aef5749f22af81e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Oct-03 16:05:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xca00`
SizeOfInitializedData	`0x97000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001260 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa8000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c908b9c0303dc1f82726ca4dae00b772`
SHA1	`e81e70cb017880d2883f88a85d9a5ba6176ebcc1`
SHA256	`6e577d9deae653a5181b5a961bc5d68133d0e0c5371dc8bf2e7a30f6ef4d5cb2`
SHA3	`deefbce421cada627162918879ac6eda8099d036762180ad5ebfb4cbd66be7e2`
VirtualSize	`0xc8b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41078`

.rdata

MD5	`2af899c58e1ff32ad962abc3851e4dbd`
SHA1	`f5bad3e5e9bf7adb751115fca0fd2f3d5065b15f`
SHA256	`55c71cd410b3e3c877c8d6e8fda6a4bcaf00f71d6c9be53bfb951ecc884dd0f9`
SHA3	`0cc66dc4565124031edac037696b6dab36fa56e3de156db32d55e487814927e3`
VirtualSize	`0x948a`
VirtualAddress	`0xe000`
SizeOfRawData	`0x9600`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65306`

.data

MD5	`90815aa5dc65a7dd3f93bad1bd78a77e`
SHA1	`608f3e69047b216dda6b0df73c30912e2fef5544`
SHA256	`435cb9af1df25f501f68a9700182c4d25de99c3f8e8c1ba6b16c0ca98911ff87`
SHA3	`e5ea90d4dd767bfa3d88e3fa2e107c2e40cac10f43498d5abd74f15888477d18`
VirtualSize	`0x1d38`
VirtualAddress	`0x18000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x16400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.87032`

.pdata

MD5	`c69bce38ac69d0b835120a5590e69f0c`
SHA1	`c063139b665bfd43ee632f0741b4b5279a71f404`
SHA256	`1d79cfdb10b0e6f61968ed084c55a6ae07421354bf9072b12d090926728f3852`
SHA3	`5b320838ebff98a9e30dc5b9258ca4079fcb7cde4304c61cfe2dd57bb750842e`
VirtualSize	`0xef4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62843`

_RDATA

MD5	`f87f407c2a1cab208757ad1d23a2de6f`
SHA1	`cd739c36958f9ba7505883ae868f1a6ca71e880f`
SHA256	`6e4ba525d12ef66132e0738191d3a928ba74c0091a6f82bc48f892a41e2fc242`
SHA3	`0611ad194d9c623281cb358dbc2f2d28bb01b6eab682677ec8d16136d74414ab`
VirtualSize	`0x94`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.11888`

.rsrc

MD5	`f74d5eae7bdda737fdac5da822881ccb`
SHA1	`027b643a93bbea6c7ba0354f1453a629565b3e94`
SHA256	`5237e7baff0ba1c23468ea673610be77d4e9a860445c1462aafd8bb9a8074c51`
SHA3	`9f48a474e9429b265c2c2589db3468ea47665539b5ca24fb1cf14e014e2e8a4c`
VirtualSize	`0x8a1a0`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x18200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.65577`

.reloc

MD5	`ef1e558d46106d87320dd822be1ddc48`
SHA1	`10f7b05d107451bd01cf446da512c619fc35bf50`
SHA256	`34d7b771018e478ba05cd24ec377fd34919d65ec63c43f49e1ab319785368929`
SHA3	`cc295f58e62efe5c59cad1febf1ce620404450135f442c20ba55235b492ddac9`
VirtualSize	`0x654`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.84209`

Imports

UnityPlayer.dll	`UnityMain`
KERNEL32.dll	`HeapAlloc` `WriteConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `CloseHandle` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `GetModuleHandleExW` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `CreateFileW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x18004`

NvOptimusEnablement

Ordinal	`2`
Address	`0x18000`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58601`
MD5	`f32aaf89e7f29aca548e44bfd5272705`
SHA1	`9dccf9f4988688dc6f58baec266d745c3a8b356e`
SHA256	`54272deedbb97e04b954765c0ef85905a64a72526b054b8cd1b298cac26e1ff2`
SHA3	`4f6bd9201f2c59b155dbcbed6103d721912b05d1c387a06082a2f326306f666f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64081`
MD5	`aa8cd8fb20171f49168b58ae3193a1de`
SHA1	`62c02b5720003635b5080c8d75b8583248a70fb0`
SHA256	`a4ed6cbafd08d1864a3edc4b367ea690c733ab2572d56099c92eef3be3e6c7a1`
SHA3	`49002b1e7d84c432f7223bfac1f47d59e2d6dedc3522d273f2895b6497ed4ba5`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6837`
MD5	`9eea3bfebc286b0b4df962cb1f6ec260`
SHA1	`435f07824011043cad0ec0d82e2e7f6d6eb3cf06`
SHA256	`e4cd876eb5d5d737d868012cd1f462942a0924453ff8039ef261c05ec6af1ab0`
SHA3	`1ceb8772f4a39b86f87b6cec03d969eba3351a4b8712189446c5047e6c18268d`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72355`
MD5	`2d8a8b06a85164804dbc4f8583d697c6`
SHA1	`63eca9ccb4f052bd1ef83a0acbfca4a48b978a99`
SHA256	`5f50d00f364c44f4b824ddc04a434dd308db0678c106a8505220bc53da23db2d`
SHA3	`c3b08a4e3fadfc6ede57b287cf7cf01f87d5525bcabc82105b4bf389719af684`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.78102`
MD5	`2df44c5b1e08b7c09ca902b4a69f084c`
SHA1	`876a13f520646c72fffdc6c832361fed4fb2fb06`
SHA256	`bc0dd4968c1aae97418732751620ce468cf687d4e13374b96d7b7b6fe0c68d4e`
SHA3	`32401f9dfcff613ec1a927bc6d6982d0a0643e920abc241304578999a6bc1681`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76463`
MD5	`6109cee02d039372a069c3249536f3b2`
SHA1	`3457a602c14eee4859f91a0c5473a00e208f78ef`
SHA256	`8030c1ecc456c8b8c85d56627a4453dcb80e03038d644dd2883668d44c7eb032`
SHA3	`80c8043533dd66b6829cbd8d838604269c57a7bc50a70f095bfb927a3fb20f19`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86512`
MD5	`d4fc5f3dc9af059733bd4b637905b9c3`
SHA1	`25a5302eafb612c9bf331cd564d792e7b7a5417d`
SHA256	`f8f6b6f8422897f78d9ccf3c98816e30598c8904390e982fff12d3472026a80d`
SHA3	`936205deb4ec8bd2d772866113ba401d362d07155758714c7e4588973c9a6c54`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81872`
MD5	`c764db077132a685ec1ad7017f32b8d7`
SHA1	`be5c974b250eb2e30ad27722fde6b69ed9b352c9`
SHA256	`acaec9429d4e67355e04db77310a65da4b9e055b929876ec512130b656eea5d6`
SHA3	`fa7bb11d2c546e0799f3dc107c39f8b1d062e3877ddfd319120329652bd4419a`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.73354`
MD5	`16efc0d53d7bfbbad5c7e4879eae568e`
SHA1	`898950cd1bb52e95d3d5bf5d8af060e6bdcf9e24`
SHA256	`dca8caf5e877d86d804b8797658cfb9eed12eba2a8c74995ee5b6dde965d7d90`
SHA3	`0d0d6f8f2009780eeeac2b4fabe64bc300a61200f035f2611012d8615ebf5714`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5433`
MD5	`a41ce080c6f9deec5c9475940f7f70e0`
SHA1	`b370b3d63974cee1730934b424bfde5942eeaa19`
SHA256	`eba86c1a97399aee484cb0094fbe1c8f5c453fa878badce5c97ae53fd2d541b2`
SHA3	`ab45f6f765e31ad3731a50475ed13abea12b41fcd9e648beed762dca8b15821b`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37708`
MD5	`aab7e8aafe7b06ab3d003b54ab5e18ed`
SHA1	`dccf0408f43059df37b755f3241a8b4b35c728af`
SHA256	`fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8`
SHA3	`a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2022.3.50.56191
ProductVersion	2022.3.50.56191
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	2022.3.50.12835711
LegalCopyright	(c) 2005-2024 Unity Technologies. All rights reserved.
ProductVersion (#2)	2022.3.50f1 (c3db7f8bf9b1)

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Oct-03 16:05:27
Version	`0.0`
SizeofData	`141`
AddressOfRawData	`0x15aec`
PointerToRawData	`0x148ec`
Referenced File	C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Oct-03 16:05:27
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15b7c`
PointerToRawData	`0x1497c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Oct-03 16:05:27
Version	`0.0`
SizeofData	`768`
AddressOfRawData	`0x15b90`
PointerToRawData	`0x14990`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140018030`

RICH Header

XOR Key	`0xe5e06b0d`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`138`
C objects (28900)	`10`
Imports (28900)	`2`
C++ objects (VS 2015/2017/2019 runtime 29118)	`39`
C objects (VS 2015/2017/2019 runtime 29118)	`16`
ASM objects (VS 2015/2017/2019 runtime 29118)	`9`
Imports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Total imports	`89`
C++ objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`3`
Exports (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Resource objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`
Linker (VS2019 Update 8 (16.8.0-1) compiler 29333)	`1`

1fc0127772995ae5b8eb0cad3d75ec8d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

7

8

9

103

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors