Manalyze report for 2f5a87ead5baee4b010ccfa917bd5e820d389ad12441487980bf26c1b05a018b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2097-Nov-27 18:00:11
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	THQ Nordic/Alkimia Interactive
LegalCopyright	Copyright by THQ Nordic & Alkimia Interactive
ProductName	Gothic 1 Remake
ProductVersion	`++Alkimia+G1R-CL-0`
FileDescription	Gothic 1 Remake
InternalName	G1R
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW`
Safe	VirusTotal score: 0/71 (Scanned on 2026-06-06 14:13:22)	`All the AVs think this file is safe.`

Hashes

MD5	`3fec3ed5228a86c3e6ec42b87594a881`
SHA1	`015073afd6bc90fa41fd3fbd32eec60ad9f3d1e5`
SHA256	`2f5a87ead5baee4b010ccfa917bd5e820d389ad12441487980bf26c1b05a018b`
SHA3	`6c3541e621de06f2664fb171cf89bbccf803f09b2894aece2d9a56d0eb428dbe`
SSDeep	`3072:f5Xf1Mj6WH/gTyPIF2pc6fbpQv1rIrpr7mqLSgNg/lZkkq/1T4W5SX5B3+YF5DA:1hWfsyPHpPRSBr/lZjq/l5SJxXv4`
Imports Hash	`efcf1052e12adb55a48955419dcfea0d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2097-Nov-27 18:00:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x10400`
SizeOfInitializedData	`0x3b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001E88 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x51000`
SizeOfHeaders	`0x400`
Checksum	`0x58d2e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1c7b5ec0c8642772923c64dadc461ab4`
SHA1	`22153b5a87222954dbf5478368512321701849f0`
SHA256	`35a9c14a5b5b2e80df19b937d9188e5cad73d115f939637513ef89c3134f42a9`
SHA3	`d92482dc199263bdd75d30a12ab498d0685594d39b3172c644153266cf6b7783`
VirtualSize	`0x10350`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47941`

.rdata

MD5	`97f89696a33f2d220eb2c311b7a0c943`
SHA1	`4f8e6c8c26f985db8246065118883e9fcf275df3`
SHA256	`d75dc8587de8c303b6b7e7561fa1533064730500b48622dfc1ecd93cf6bae6fb`
SHA3	`ea4a5e290c99d99f4d870358b90b4ec4c81d4947c0b0430966f11116653e79e9`
VirtualSize	`0xad02`
VirtualAddress	`0x12000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x10800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.8553`

.data

MD5	`63af9c05ad42cc35d3e260ac1a8fbde0`
SHA1	`a42729ea084ac5d7aa7fb32190f3b62dccba06a6`
SHA256	`bd961b8c931087411b6343bfcac3913f4d118f9f801001c90ac62a8a20b0e1c4`
SHA3	`dc53177b04cd28ad2124825650df8e38dc255ccb2c56f04bd02396683f80ea6b`
VirtualSize	`0x1d88`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.97914`

.pdata

MD5	`b943edae98b8509864157230d789d502`
SHA1	`4b6ca0a9c2f30eaebf96d6c4279b7fea00cc1b66`
SHA256	`4f437b294e76bd754bacd83215fd765ed3721a0ac58b40786bddbd775357cd84`
SHA3	`d4d1be6d8c6aa20e1504ab68405d0280b5e5b65c98b04d8500473a03ef3b8b8b`
VirtualSize	`0xff0`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94603`

_RDATA

MD5	`9e68e1f39bafa3869dc3488844badc97`
SHA1	`e319f0bed5f01985e119f15bb83a48a940981fd7`
SHA256	`3872f08fb4667082a94df9d7c72129142397bf63d945f975268d52702e083331`
SHA3	`45d1c481b30d5ae45345916b1d9216aa07850bb4d2e485e4b30dabfc0dfadb26`
VirtualSize	`0x15c`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.78291`

.rsrc

MD5	`76ce26889cfe9328386f2c182f0e0532`
SHA1	`28748b364f680c8a07b056e64b4b27b727e15199`
SHA256	`774591e04d12c04ccef167edb21378378184cb7adcdc95e6f64f9b19969e7b59`
SHA3	`005d3e5be68f5d2751456c7c461d0daffe2df8906dd73b17040dee601573c042`
VirtualSize	`0x2e03c`
VirtualAddress	`0x21000`
SizeOfRawData	`0x2e200`
PointerToRawData	`0x1d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.34596`

.reloc

MD5	`cbbb8eafc463bd0063c42d960a9dc403`
SHA1	`8a7a41c8cfdcfcded8a7cfc765af4e8f6186d88a`
SHA256	`f92e110c9e85f715faca01c87b8f9060716480d41e56c2998f09453b79d08b41`
SHA3	`76e56f708a76da945f253eb74c7ba9820e4dc98adb51920873490065036e16a9`
VirtualSize	`0x68c`
VirtualAddress	`0x50000`
SizeOfRawData	`0x800`
PointerToRawData	`0x4b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.9658`

Imports

KERNEL32.dll	`GetExitCodeProcess` `CreateProcessW` `FreeLibrary` `GetModuleFileNameW` `LoadResource` `LockResource` `WaitForSingleObject` `FindResourceW` `LoadLibraryW` `WriteConsoleW` `CreateFileW` `GetLastError` `CloseHandle` `SizeofResource` `GetFileAttributesW` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetProcessHeap` `LCMapStringW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW`
USER32.dll	`MessageBoxW` `wsprintfW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCanonicalizeW` `PathRemoveFileSpecW` `PathCombineW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10043`
MD5	`dd331b4ba3a0cf6399c2f4a7de7cbcef`
SHA1	`2383b9152182902b7e08bb8ae167635e0365e48e`
SHA256	`bd85e5758e49ba5442c310317e60d2fc4233a2974e468bc82ee4afb77fd62934`
SHA3	`c950ee244cb9e976f9496fff8f7920f0baa99a8404216d993a17afcfc0a5f80d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39435`
MD5	`97366ed6285fcae0eb112e0755d76915`
SHA1	`44aad68be753e85b37aa729bd1e4376001db36df`
SHA256	`c398de565153fb2535994c758764385af21318aa74ccbdda0158382009d07839`
SHA3	`22159452b92fc93689a8a8207c8479be059d9c24ef446c8a0afb6c8fab5e1652`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73809`
MD5	`d4e4d3d5ff422b93b0f6cf3ee67c677c`
SHA1	`bec720a842e85a6a7de30aeb9b106de4a958e9ab`
SHA256	`f8d6b58afbb23b7a7dfbc3c0789222ebcae21deefbba49685c96861695595f24`
SHA3	`de2de68fe891ff2ed29ad42b01a9171dda24774e2b647809ba38965b842a0133`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41072`
MD5	`ec9272e2539e102e76ce446d020e4c54`
SHA1	`1a948070bf9282bc55672cf7a176bdb9af18387c`
SHA256	`1259391d909d24a01b48cd71e9f31550b45cfe3f9fd457fba7ff7abb5e3848dd`
SHA3	`8a0cdc6031ccb8ed1fe367e8d58672dd3a44751f488aa1bc4b06d66e51f5e732`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85871`
MD5	`17a23f20f998c53627359de699cf721a`
SHA1	`8a5a43fc9317e007bc821d8cc20fc666c3f2856f`
SHA256	`ecd97180b1fd587ff4cda980dd1d439150eb3cd2d9eff46c173574240303fca5`
SHA3	`f7b0684f22b747b6747d8d3fd9165cb089ffbaac935838ee5f02a16e71842e2c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14ea1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99136`
Detected Filetype	PNG graphic file
MD5	`ef3facf88a589fd7517f39158d5683bc`
SHA1	`a015ef9a8bb1554db06546aeb33e9d9a361fb7b2`
SHA256	`06db90a88c059c24eb014832380846603ee0f82bee0ee7d1f910ebfa93b56e80`
SHA3	`4a4cc874a69b723cdc662b42562b3b7d0468910ef55bbd9cb12c786ee9e14b82`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03102`
MD5	`8b3a9529f1369b67c1986da158ecb744`
SHA1	`b8176f9cf1a53724f4601f8fbd2e734d3128830b`
SHA256	`a7a9f9dd6ad6eadf98bf03a6bb42c4c947a21344caf4353f04d429f734397be8`
SHA3	`5eee8d2039aa802373993c3db8719406b39550ddec4c7913a864ddf65efd20ae`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.54879`
MD5	`f1a99bb9f6f5aa75c46717a4cf1731d6`
SHA1	`2969421a7012701fb2593083a1f149c228def033`
SHA256	`bf52e79a5b2e8b6c57446872c815572226b34b669ac273643e3f91b8c6ff3d95`
SHA3	`a17268b455a3815bba167484cc0f84f1967e9ada4818e2149d7f998ea8bd5ea5`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82454`
Detected Filetype	Icon file
MD5	`c0bc7221f0751e15f24857e560ed9a80`
SHA1	`87cd017c7ceeacf46be2af132ac3e8873ee28ce3`
SHA256	`c65b984c81353956dc2603bb951249b6da96bbffa1d624f1fc248ca9cc1beaf7`
SHA3	`e53757548cafcd7c4db40cf7e909966801ee161e6c0532b8c7d950ab0cc818f8`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82454`
Detected Filetype	Icon file
MD5	`c0bc7221f0751e15f24857e560ed9a80`
SHA1	`87cd017c7ceeacf46be2af132ac3e8873ee28ce3`
SHA256	`c65b984c81353956dc2603bb951249b6da96bbffa1d624f1fc248ca9cc1beaf7`
SHA3	`e53757548cafcd7c4db40cf7e909966801ee161e6c0532b8c7d950ab0cc818f8`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x334`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48892`
MD5	`045fb9802c4654a69f5d8bfa83bc0e73`
SHA1	`1aa2720d955955d439777df70614649bcd7e486a`
SHA256	`962a948fdac970bf9ec6d547a16faa577bb46d634d00ab9d2e0adc56d597e32a`
SHA3	`e050a4d53235d93ef158b477344c25f038a0f1de97c0430867813afb1f5ae2bf`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29956`
MD5	`c61240657e13443faa673941f5309de2`
SHA1	`c0fbe2a825d7b0526747bf774f0924ded81b7462`
SHA256	`527ba3511f5e6271211343cd03168ec681b1afc356ed87eeece038bbd480731b`
SHA3	`e61279125dbdfd1216bc206250bdaf599743f063b1fb74df33968dee1f3c874d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.4.3.0
ProductVersion	5.4.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	THQ Nordic/Alkimia Interactive
LegalCopyright	Copyright by THQ Nordic & Alkimia Interactive
ProductName	Gothic 1 Remake
ProductVersion (#2)	++Alkimia+G1R-CL-0
FileDescription	Gothic 1 Remake
InternalName	G1R
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2097-Nov-27 18:00:11
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x1b0d0`
PointerToRawData	`0x198d0`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2097-Nov-27 18:00:11
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1b114`
PointerToRawData	`0x19914`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2097-Nov-27 18:00:11
Version	`0.0`
SizeofData	`796`
AddressOfRawData	`0x1b128`
PointerToRawData	`0x19928`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2097-Nov-27 18:00:11
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1b444`
PointerToRawData	`0x19c44`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001d008`

RICH Header

XOR Key	`0xca6cdb2b`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`138`
C objects (VS 2015-2022 runtime 32533)	`16`
ASM objects (VS 2015-2022 runtime 32533)	`9`
C++ objects (VS 2015-2022 runtime 32533)	`43`
Imports (27412)	`13`
Total imports	`105`
C++ objects (32824)	`1`
Resource objects (32824)	`1`
151	`1`
Linker (32824)	`1`

Errors

Leave a comment

No comments yet.