2210e3ce0fb373496034cf0b0ee9d67a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Jul-29 13:22:06
Detected languages English - United States
Debug artifacts C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb
FileVersion 2021.3.8.11731763
ProductVersion 2021.3.8.11731763
Unity Version 2021.3.8f1_b30333d56e81

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious The PE is possibly a dropper. Resources amount for 85.0938% of the executable.
Info The PE is digitally signed. Signer: SQUARE ENIX CO.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Safe VirusTotal score: 0/72 (Scanned on 2026-02-21 03:31:41) All the AVs think this file is safe.

Hashes

MD5 2210e3ce0fb373496034cf0b0ee9d67a
SHA1 9082ed4de924cd1aa4027b5a7cd6c134bf03c3aa
SHA256 98e09c3e2783569f8010d1356121174050acb64cece67626fff813bd38ca18a5
SHA3 2ec073003937e229f401a708747375996b3abd56438597699aaa7184942979fa
SSDeep 12288:HoCCgQicAGnKOkmvjG+dfBVfaJagobirnT2x0iJ9M6X:IoQinGtk5+dfjaJ/obqnTf6i6X
Imports Hash 5f74a5c747508e2822fdb9b687deaf42

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2022-Jul-29 13:22:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa200
SizeOfInitializedData 0x96600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001260 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa5000
SizeOfHeaders 0x400
Checksum 0xafea0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4190b7be9f5f4eb52c040a688e61a250
SHA1 ee3a1c75987c1b0e5e4ed015cbe0c92530bdad11
SHA256 7d92c29b88ce9a3c69a11f70fbc73e302f5d8d66766589406274d31e97ed920b
SHA3 0e04178fbb1a5d03ab267f800a38d342bb9f4a2bb6441604af8a9b52ecb4c4c6
VirtualSize 0xa140
VirtualAddress 0x1000
SizeOfRawData 0xa200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39724

.rdata

MD5 19fc2b366fa1e13bcdca2ad4c27e7d3e
SHA1 0da76d24f5f6bfcad9977ee381ba97f6163204d9
SHA256 db80eef0ccb59654d4c9650af20c24ea0c95084397b3c149737822e489e64734
SHA3 62be6d51dbeb265b1ff59ada9756b685543d1c52d948c726805bef44e1a2b7b1
VirtualSize 0x8cce
VirtualAddress 0xc000
SizeOfRawData 0x8e00
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.65327

.data

MD5 2e9924c581c86e57e2e2b0ac87e1aa45
SHA1 a1a176fc5c54e8c996a328e810c15c16cdb5b73d
SHA256 90b0d83be28bc06320f7b2ce10f056ecd17badc2e84e2b1533c0454096a1e5a0
SHA3 8c3bb6dfd1204e833639461f26a41ad45e7fa68dcdc97aa4908992d272dc2237
VirtualSize 0x1ce8
VirtualAddress 0x15000
SizeOfRawData 0xc00
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.6801

.pdata

MD5 2717431295e555cdae3fb602e2bd957e
SHA1 408d09336a1192e50edb78d3e7795fbc547ac381
SHA256 d927fd3b2aebd7b714861d2fede4d4929f356363e518385fd3c95e3262524631
SHA3 bbf9f4f071095b27e2349d9a28e1c01b5066c00143b8c5f7a393d2267f8178a5
VirtualSize 0xc54
VirtualAddress 0x17000
SizeOfRawData 0xe00
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.34687

_RDATA

MD5 1960efd573f3d23522c840210d59fb7e
SHA1 47057bb39ae6c80b68d90c47f0cfd7d6bf123ad2
SHA256 ad5bd98e9035110e2e2e7b82ed2fe49ec0fae2d89e05400528a6b48804c441a4
SHA3 225389cba41c0a9e2c3319b0921ec1ef9962e8af175fca30c67bde60763834d4
VirtualSize 0x94
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x14e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.08512

.rsrc

MD5 1156ccd13b320ea580d9a954a7a48a2b
SHA1 62483b1c24b96c226f9e36ccce9365aca64bf700
SHA256 8837dfa2875a71c1820a1dde6d95cd5d4cbe15753d10cc3929ecd2b0c49b9088
SHA3 2f00d1c64a862cab203617e7d82b420867008f33e26d8256e4cfe284c374c126
VirtualSize 0x8a148
VirtualAddress 0x19000
SizeOfRawData 0x8a200
PointerToRawData 0x15000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.44287

.reloc

MD5 687aa942cda2e64adc67a829f1587240
SHA1 26058e365b4fef9cae39c529017700cd0ccfedb7
SHA256 e5b51406ab27a5065a374454ac72e242a50072d670957430f820af90f479b506
SHA3 8a51aae6ca0ea13d9513cba0336e2446957914c5ba6561a337c3afdf42f3c689
VirtualSize 0x638
VirtualAddress 0xa4000
SizeOfRawData 0x800
PointerToRawData 0x9f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.79086

Imports

UnityPlayer.dll UnityMain
KERNEL32.dll WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x15004

NvOptimusEnablement

Ordinal 2
Address 0x15000

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.42721
MD5 42518ca867a16abc83db44846f81b644
SHA1 82ec8dab6b91ffe496b1cde9afaeb5519237a50d
SHA256 a8ae030749653d086c6a6d3ebb9746a3689c1860712945722ac8c873f16fa311
SHA3 4517beca13b290bf5c924d9dbb8274defe6cfd5a3de4ab353fa4be11bb0487cd

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.44394
MD5 7bc517ff39a42b9575929519c9511452
SHA1 114867cc4b2a62c871931f1ca3ab9789550b0324
SHA256 d63a3f2858bf904df438a157c68d24baf2d27e6350d406645310dd320fcf3ef7
SHA3 c5e8f1dcd2091465f4ecd2a1549d96206d5a7671a5bab46682aa8d16f77d9dde

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.45022
MD5 d269712755d2544f8804ebb0cb4d654e
SHA1 b90e4b9b00eb5219689c0da5ae06a70ca72921da
SHA256 896b7657cf7c782cd9d4c5f8f28b453d9980ffc370bc68aef55efc34edaad568
SHA3 2ff2d14ad7ffe3dcd4f845129bcacc35e3e5c2f7f0f94565caa0d2c544e910a4

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.4439
MD5 60e2397c3eabcf38913198118d54c71b
SHA1 778f74682eccabbb2194d5e7a2a6473a19cada2d
SHA256 4faa567e99e03bda9c69a541a87c3555f20d6a97da5f556d70f73929bd57de08
SHA3 3746f1672c9acec4c3c3429edbbbd26958365203be20e421e06ff01b9ace38e8

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.41766
MD5 2d0eb283a94b3d9f029d74c19a525a83
SHA1 1030321b977b18499bdf8517180debf1a28e5c55
SHA256 3ec675c761bf04c2f1692e6e0814fd6834648e2a0269fc2ba57883ea97004342
SHA3 c5624addb715b997ef0a7df1834c96a91aabc23b26c6c71d32f03275762c5f9d

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.34248
MD5 0a5d9f83f51c7f35d227027fd0c96cc1
SHA1 63635fc2bfb8ff871e093356f5ab44f67517d6f8
SHA256 fc0416b45c9d9b03888728fafc724a3e35292e2a29eece6e2a424c92c3913445
SHA3 249ffd771a026acd473cfb86ea11c921e2432adebb03ed7bef0e8fdc753c1eba

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.31254
MD5 ad57fd79db44ba83484563c5b77357e9
SHA1 35514540615155cf54b4848099220d5cf796d7bf
SHA256 18ebfa8a6e9707cfcda2df5e8055af7a9597e4d5e3f34c5ee60bca86706e4ba4
SHA3 7e432b879880acc6b0e4d9bbc9f4e3984b4003236c7a79b4f308eede37f45cff

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.20796
MD5 76a8aecc419db4e20d96156a3b062dc9
SHA1 9f09a9264adff5148ac7f91d3dc47b8b3339cf30
SHA256 9ef31b2c3ef82ba318d4cd6d4d0874013524605f8ed33b6504d22980e912aa43
SHA3 209f449781d85648836031298b293dc6a9961a12427d21c0a72219f2c6e1c239

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.9752
MD5 b94fb5cfaa4f942f35acd662ec8ffa66
SHA1 a4de08acb5cc28dd001ed89fd8208ab52f0ca2e4
SHA256 99630cf82d19a3678f81cb62236e82de56d69ffd8c0241aa8da8659e254cb1a3
SHA3 cb6b40d424c6081802c7fe581833b3224d84ff4957fe38ebec9990a7d0300d9c

103

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04448
Detected Filetype Icon file
MD5 f7731730720cfe035cf030b40d0e2eb6
SHA1 d046e23f2ee2b93ad96be8e1dc9120ecf3915091
SHA256 5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500
SHA3 6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x1bc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41667
MD5 6e7cebfd4643d371d4482b8fda4903f1
SHA1 6f05d9861698aa2e2d3d37c3451bcbcb4d721acd
SHA256 d3431dc187e8cf80059e280f184d5f1355c8a9014d0f0bbdbdac6807bdb32444
SHA3 7fc6273add52fcdd0d5dda08b6a3c274e7808663c0dc74829cfaaaee55c6c642

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x6c1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37708
MD5 aab7e8aafe7b06ab3d003b54ab5e18ed
SHA1 dccf0408f43059df37b755f3241a8b4b35c728af
SHA256 fb88b19523afd8fed48eddfd10805a3a0a45997bbf8fac04d595ddf93c1a88a8
SHA3 a981b8e907b79cd9448766ace938dfd96560d11c29e6ba165912a8508bd52ca7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2021.3.8.819
ProductVersion 2021.3.8.819
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
FileVersion (#2) 2021.3.8.11731763
ProductVersion (#2) 2021.3.8.11731763
Unity Version 2021.3.8f1_b30333d56e81
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2022-Jul-29 13:22:06
Version 0.0
SizeofData 141
AddressOfRawData 0x13780
PointerToRawData 0x11d80
Referenced File C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2022-Jul-29 13:22:06
Version 0.0
SizeofData 20
AddressOfRawData 0x13810
PointerToRawData 0x11e10

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Jul-29 13:22:06
Version 0.0
SizeofData 712
AddressOfRawData 0x13824
PointerToRawData 0x11e24

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140015030

RICH Header

XOR Key 0x735735a6
Unmarked objects 0
C objects (VS2017 v14.15 compiler 26715) 10
ASM objects (VS2017 v14.15 compiler 26715) 5
C++ objects (VS2017 v14.15 compiler 26715) 136
Imports (VS2017 v14.15 compiler 26715) 2
C++ objects (VS 2015/2017/2019 runtime 29118) 37
C objects (VS 2015/2017/2019 runtime 29118) 16
ASM objects (VS 2015/2017/2019 runtime 29118) 9
Imports (VS2019 Update 8 (16.8.0-1) compiler 29333) 3
Total imports 85
C++ objects (VS2019 Update 8 (16.8.0-1) compiler 29333) 3
Exports (VS2019 Update 8 (16.8.0-1) compiler 29333) 1
Resource objects (VS2019 Update 8 (16.8.0-1) compiler 29333) 1
Linker (VS2019 Update 8 (16.8.0-1) compiler 29333) 1

Errors