Manalyze report for 05ca83656d33ae5996fffe515138d190b81a9dcf62358d33e2d821a3b53ccd07

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2092-Feb-07 05:49:58
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
FileVersion	`++Project+SN2-Release-Hotfix-Live-CL-113109`
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion	`++Project+SN2-Release-Hotfix-Live-CL-113109`
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Suspicious	PEiD Signature:	`UPolyX V0.1 -> Delikon`
Info	Interesting strings found in the binary:	`Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w3.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-18 16:38:26)	`All the AVs think this file is safe.`

Hashes

MD5	`9fe711ec04b9c2861c0f44aa57bee3b2`
SHA1	`d21fedb8403f152e3cf3afcdac7d7811006a0837`
SHA256	`05ca83656d33ae5996fffe515138d190b81a9dcf62358d33e2d821a3b53ccd07`
SHA3	`44cf9c18decae6c488df1bc38c3b5ac2cf01cc37b0ef295cec6fd23845a7681f`
SSDeep	`6144:lvudZJp30u31EwZGIMs2QprW2WBYOMKEwF6YsZgy1LpHnJssgoZglTsZgbP/Wne:lvudzp3hlVZGIMBvEwF6Y5adnTATsSb`
Imports Hash	`a8ff415d7b5164307cdba18944ae4f5d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2092-Feb-07 05:49:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x14800`
SizeOfInitializedData	`0x43800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000023A8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5e000`
SizeOfHeaders	`0x400`
Checksum	`0x38c9d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9b84a8b0cfb73ff9ead1d8752128d53d`
SHA1	`5e5d4b020baf205c6d2ba83475d051c3fa473e27`
SHA256	`8fbb3f305a77ddd7809488a85a26e57337597b0bda8ce705f5bcc24d7d0173ea`
SHA3	`2fb3f1af4d642a1bd676fe13613246788df9df6cc1fbcba661368438905eae19`
VirtualSize	`0x146b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50127`

.rdata

MD5	`65c7a1322975e59fc93bcaad772224ac`
SHA1	`42f796e19202d820129d257aaa4b9811f789f1c6`
SHA256	`c5313c093ae8d3c0dbb661dc8eca6ece4ca63a44015a2fac5aa78dbea9bb8cdb`
SHA3	`e6ee1b31d5d3259abadbd722a664d12327f50a9f1e469117cb20e36d8d51e93e`
VirtualSize	`0xb34e`
VirtualAddress	`0x16000`
SizeOfRawData	`0xb400`
PointerToRawData	`0x14c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94212`

.data

MD5	`1de2a43092f58f87d09a6ac6c8e26828`
SHA1	`a9f3f12b38148f5a50ba641e5a4cf873d94f5c85`
SHA256	`b451bdddc622502ab50ff8b2fed00aad9af18d9ca73dd9071ca522e26e862e8b`
SHA3	`c18f8e8fe0136d13229a7244127b01848fe521703a7074e3673b13d998781c4a`
VirtualSize	`0x1e20`
VirtualAddress	`0x22000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x20000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.06818`

.pdata

MD5	`6c4c489ddfeac2064350caa0f246a461`
SHA1	`b4ff718fd9f56da1663702e8e9f07b0ed81013af`
SHA256	`7d46bf332f8355cde7242d82a7cd8f5b6b4191d673ca93a5da057709bbbd87de`
SHA3	`13ab4fca980eadd8608b5544580cdc6a4c8f425b8a5f5572f8719cb5d04ac9b6`
VirtualSize	`0x12d8`
VirtualAddress	`0x24000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x20c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82883`

_RDATA

MD5	`f445a292d6e54ae5c5d81e08ee42752e`
SHA1	`0a2372426822a2994a59b33ee5097a5ccfb0ca03`
SHA256	`a44e793c03000987b44697a5a2d62de85f58208b6b0ce6ac403c0cde851c0ea8`
SHA3	`8c92e1790bf015df80e1b1fb4bf6d4ed888fa4122e4a1bfc1fcdabfae2cbceb8`
VirtualSize	`0x1f4`
VirtualAddress	`0x26000`
SizeOfRawData	`0x200`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71282`

.rsrc

MD5	`d7616d73a9408b3d2e0846a2ba303f26`
SHA1	`e98105e0c6c782d0b3f4a8632776c6f24b047e7e`
SHA256	`32dcfe92f7dd9efb62eb7ca9877e2b868117affa6004160fd7d77d572e84a75a`
SHA3	`8bff8f12516f862e2f5ed276b74c7272dc49d098cb35c6fbf6ea751d303bf6f3`
VirtualSize	`0x3589c`
VirtualAddress	`0x27000`
SizeOfRawData	`0x35a00`
PointerToRawData	`0x22200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.50846`

.reloc

MD5	`3445349fa2e33b962b47efb5fac52ce9`
SHA1	`4635fec254a44fa1cd30e0c2de32df51b923e096`
SHA256	`ec6eb6493665825909e79dbd36d92e17d92142fd1ef13dc0b50624955ecf4013`
SHA3	`d74d211e8bbc0ea7499af536ac44599d3a8c4251313af67e284957e1c5ee5f81`
VirtualSize	`0x69c`
VirtualAddress	`0x5d000`
SizeOfRawData	`0x800`
PointerToRawData	`0x57c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.95886`

Imports

KERNEL32.dll	`WaitForSingleObject` `GetCurrentProcess` `GetExitCodeProcess` `CreateProcessW` `FreeLibrary` `GetModuleFileNameW` `GetModuleHandleW` `GetProcAddress` `GetLastError` `LockResource` `SizeofResource` `FindResourceW` `LoadLibraryW` `WriteConsoleW` `CreateFileW` `CloseHandle` `GetFileAttributesW` `LoadResource` `GetEnvironmentVariableW` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetProcessHeap` `LCMapStringW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `EncodePointer` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree`
USER32.dll	`MessageBoxW` `wsprintfW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCanonicalizeW` `PathRemoveFileSpecW` `PathCombineW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33199`
MD5	`6bdc30c708770637ef11f98a536c0694`
SHA1	`dd91500f22f33cbae49485ae49704b9076197afe`
SHA256	`a0b2c80fdc0f4b08b0c5e29b046f0c002ea24b1ea43874bff2713c249f00d8e9`
SHA3	`bee6ebd60f3f67d9ee2003cc6fd50b8611c9792a4c62f805b6c2b4864f3dc448`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54002`
MD5	`c6f0207e9ff82af1cff10b14c2567a40`
SHA1	`15ab7968c1702195b1da2a0546339daa4e1775ed`
SHA256	`0174774afad7f90717348801320182350014aaa74f8026b91823c2030188d130`
SHA3	`ceba74c064a832964e2d51b7515f19de0f42cf51e7099bbf28862382de8b9e52`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52928`
MD5	`83444bd3274e79a322f4c58430568b1e`
SHA1	`d17ac8a37696ca103fde37f89b30a08dc6e22170`
SHA256	`6b004753cc04f916484dd2900cd0c73cded72cc5390fd0e274057fdcf635b824`
SHA3	`60d3ac90c64bfb51bd2a8e79c279efa297c9e81207a951c02f3176591c3ca693`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56082`
MD5	`2ee010597dfe7cc7bbf813c9fbc3c2bc`
SHA1	`09d46c4f485830b9dbe9ed6a4c0a1b815f0a01a3`
SHA256	`04d7321ef119bb1008f2d808fe26a19fab26f00eb8c1baa51d1309a7bddfcfe5`
SHA3	`b02534e55ffdc01d8f11233ff816a747c15dd715b9ed00a00e68b93b196894e6`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56057`
MD5	`6c4157c27a0ed20ac0251d9009715649`
SHA1	`62603bfc9ae1b5f5e0173527ee79e0ff62c6f1f6`
SHA256	`921af15d370484d8a88ba7f8e31c772056616f9c2e3f02139a55810ec57bf28a`
SHA3	`dee959198b7701bf5f7960b607d41b9bb6762b434648f701653b164d19d82e05`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1aa90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99608`
Detected Filetype	PNG graphic file
MD5	`bd18f6b96ab0c5c517475dede53f5581`
SHA1	`68fe2789f01cc9cb42208b29547a8ac497268fcd`
SHA256	`50b04949cbb0b3140986c5f0baf53c748d3f6b360333d186cd6451ed6206a8e1`
SHA3	`3fa13cb1c5f50723137a1f8670b93ddc28ac6c8ed0a70df222141c28056b0739`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b13`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73886`
Detected Filetype	PNG graphic file
MD5	`1f48923337871ba25cf266bba17429cc`
SHA1	`279f47235e20eedee5daa535ea611e0aed1157d0`
SHA256	`2399dfb472a6c753447b847fbb144235145ca6507a60941b5295389c6fc45639`
SHA3	`06825c34eb7fe14d622735aa986a3e26247e95d5493a5b22eb3884f51b155493`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07815`
MD5	`9dc9387d4c924a1b0138b145283ab210`
SHA1	`9ad1cf5d2d4f342526f1ae82039c07759407f5d9`
SHA256	`e6ee7baa9ad15b773268bc42d9a701e3cf1980e3754b0e878898ca3f127b1933`
SHA3	`8ea741489452949f4dafd969d41e728e6b7f2f0449c69bd544f2beb2f0dd4837`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41389`
MD5	`60e0a3526b04d5b94a6c19f2613222f2`
SHA1	`df9c5cc6f8fcdd2242d38bf5b8aebb18b5b22f02`
SHA256	`7086d5f1e969236f872537a5e3589826f87c76a91e06e65a691e0bf264877e2c`
SHA3	`c2ec0c586f8544151249aabe96e95cab05d5bbd99c38e759b4b70afd97a23e1d`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82454`
Detected Filetype	Icon file
MD5	`64c44cd6fad29698a9f8ac6548276f25`
SHA1	`de3b1e0f90cec0012d013354051672a25e32ff63`
SHA256	`18f9399f42dc04f1beb4530e3e892ac973ff1b940a54ac78f3e245842e3a7afe`
SHA3	`4cbb42af0000a61c13919aea53a189baf4d8ed04531de8154b53646f47090e96`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93324`
Detected Filetype	Icon file
MD5	`26e4bbdda9f8e58b060feaa53c3083e2`
SHA1	`bd724469fc43a9a58679a7016c303a5693fe9f94`
SHA256	`74c73b469e08909c1b539a80c66cb442d04b3c29cd03e8a533a3c349c5cc84c4`
SHA3	`49df4b8afdcf81a2097c2608740540f7e25ce3aa86c892702db1183998142c1b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50839`
MD5	`1a74ff29f892f9c34682bf07078916ea`
SHA1	`2ca556eecdd0d30d255cc9ed76476bf8dc166d38`
SHA256	`5dc40b6ea0c0f6d98fa6edb6f129a739aacfa369070bfece2a4cd988b4bb7d0e`
SHA3	`3f42d17e98ec836979ee38ec0cc451ee4416313644b1fc4a1e8811eeeb90e6f9`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29956`
MD5	`c61240657e13443faa673941f5309de2`
SHA1	`c0fbe2a825d7b0526747bf774f0924ded81b7462`
SHA256	`527ba3511f5e6271211343cd03168ec681b1afc356ed87eeece038bbd480731b`
SHA3	`e61279125dbdfd1216bc206250bdaf599743f063b1fb74df33968dee1f3c874d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.6.1.0
ProductVersion	5.6.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
FileVersion (#2)	++Project+SN2-Release-Hotfix-Live-CL-113109
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion (#2)	++Project+SN2-Release-Hotfix-Live-CL-113109
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2092-Feb-07 05:49:58
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x1f320`
PointerToRawData	`0x1df20`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2092-Feb-07 05:49:58
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1f364`
PointerToRawData	`0x1df64`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2092-Feb-07 05:49:58
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x1f378`
PointerToRawData	`0x1df78`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2092-Feb-07 05:49:58
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1f6e4`
PointerToRawData	`0x1e2e4`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140022040`

RICH Header

XOR Key	`0xcfdaedae`
Unmarked objects	`0`
ASM objects (30795)	`5`
C++ objects (30795)	`139`
C objects (30795)	`10`
Unmarked objects (#2)	`1`
C objects (VS 2015-2022 runtime 33030)	`16`
ASM objects (VS 2015-2022 runtime 33030)	`17`
C++ objects (VS 2015-2022 runtime 33030)	`45`
Imports (30795)	`13`
Total imports	`111`
C++ objects (33145)	`1`
Resource objects (33145)	`1`
151	`1`
Linker (33145)	`1`

Errors

Leave a comment

No comments yet.