PREMIUM PESCAN.IO - Analysis Report

Information
Size: 638,50 KB
SHA-256 Hash: 7B2F0EC4B41D13C4EAB40FF1B61CB2D51BB708269D85F3F89FBA3E290F881438
SHA-1 Hash: 647F7735F331116D760A94BE29E48E6803C3AAF1
MD5 Hash: 09E8E1B6C2D4E6CA2E1B4D4424F89CE8
Imphash: 5F74A5C747508E2822FDB9B687DEAF42
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 1260
SizeOfHeaders: 400
SizeOfImage: A5000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: 144A0
ImportTable: 14528
IAT: C000
Characteristics: 22
TimeDateStamp: 68AC767A
Date: 25/08/2025 14:43:06
File Type: EXE
File Type: DLL
Number Of Sections: 7
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, _RDATA, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name Flags ROffset RSize VOffset VSize Entropy Chi2
.text 60000020 (Code, Executable, Readable) 400 A200 1000 A120 6,3957 281018,43
.rdata 40000040 (Initialized Data, Readable) A600 8E00 C000 8C6E 4,6524 2208753,28
.data C0000040 (Initialized Data, Readable, Writeable) 13400 C00 15000 1CD8 1,6762 520662,67
.pdata 40000040 (Initialized Data, Readable) 14000 E00 17000 C48 4,3610 224026,14
_RDATA 40000040 (Initialized Data, Readable) 14E00 200 18000 94 1,0851 99175,00
.rsrc 40000040 (Initialized Data, Readable) 15000 8A200 19000 8A198 4,4969 15374604,66
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 9F200 800 A4000 634 4,7847 41401,25
Description
LegalCopyright: (c) 2005-2025 Unity Technologies. All rights reserved.
FileVersion: 2020.3.49.1582237
ProductVersion: 2020.3.49f1 (18249dd5551b)
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - 660
Code -> 4883EC28E85B0200004883C428E97AFEFFFFCCCC4883EC28E8DB07000085C0742165488B042530000000488B4808EB05483B
SUB RSP, 0X28
CALL 0X1264
ADD RSP, 0X28
JMP 0XE8C
INT3
INT3
SUB RSP, 0X28
CALL 0X17F8
TEST EAX, EAX
JE 0X1042
MOV RAX, QWORD PTR GS:[0X30]
MOV RCX, QWORD PTR [RAX + 8]
JMP 0X1035

Signatures
Rich Signature Analyzer:
Code -> 2710773A63711969637119696371196938191D686971196938191A686671196938191C68EB7119693819186861711969681E1C6846711969681E1D6873711969681E1A686B711969A51E1868607119696371186936711969A51E1C6861711969A51E196862711969A51EE66962711969A51E1B68627119695269636863711969
Footprint md5 Hash -> 2A022D84318181B87A9CBAE3B0C73610
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.25**)[-]
Entropy: 4.98367

Suspicious Functions
Library Function Description
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
File Access
WindowsPlayer.exe
KERNEL32.dll
UnityPlayer.dll
.dat
@.dat

File Access (UNICODE)
mscoree.dll

Words of Interest
exec
start

URLs
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (CloseHandle)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Entry Point Hex Pattern PE-Exe Executable Image
Resources
Path DataRVA Size FileOffset
\ICON\1\1033 192B0 42028 152B0
\ICON\2\1033 5B2D8 25228 572D8
\ICON\3\1033 80500 10828 7C500
\ICON\4\1033 90D28 94A8 8CD28
\ICON\5\1033 9A1D0 4228 961D0
\ICON\6\1033 9E3F8 25A8 9A3F8
\ICON\7\1033 A09A0 10A8 9C9A0
\ICON\8\1033 A1A48 988 9DA48
\ICON\9\1033 A23D0 468 9E3D0
\GROUP_ICON\103\1033 A2838 84 9E838
\VERSION\1\1033 A2F88 210 9EF88
\24\1\1033 A28C0 6C1 9E8C0
Intelligent String
• mscoree.dll
• C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb
• .bss
• KERNEL32.dll
• <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">True/PM</dpiAware>
• <dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2</dpiAwareness>

Flow Anomalies
Extra Analysis
Metric Value Percentage
Ascii Code 262910 40,2111%
Null Byte Code 47389 7,248%