Manalyze report for 6b3683508e6ad2e39f5a112a9802d96b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Feb-17 08:18:02
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion	`++UE5+Release-5.1-CL-0`
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w3.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW`
Safe	VirusTotal score: 0/69 (Scanned on 2023-03-08 00:05:40)	`All the AVs think this file is safe.`

Hashes

MD5	`6b3683508e6ad2e39f5a112a9802d96b`
SHA1	`a7e81011baec1abc18e9f4e656d632469902d353`
SHA256	`f8f3aa6fc5a6333b985b44e3d79c56f4f5229560aa7aa674af983d4028b0532c`
SHA3	`65bd2e3b323abb1a1516739bcfb6c466c57970ce3263b0e4f9244717bd7a8b9e`
SSDeep	`3072:QSQ4kFbZRYToNu7P0MAccDwr6CZd09oAlMsJcegY+7o0bJJ7eOcd5tE:QlJFbZRdNuj0pcSwNYo4HOwAJD`
Imports Hash	`df892ac8e07db82dc4381c70cd8fe113`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Feb-17 08:18:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x13000`
SizeOfInitializedData	`0x55800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001CA8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6e000`
SizeOfHeaders	`0x400`
Checksum	`0x35be1`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b463ac434434f3c8b349ce61318e78bb`
SHA1	`962d24be0be619cbd0fb26dc4f08856af81d6b08`
SHA256	`1022989c3c9c6355c34e8f6b1ff39863e21b78b0ce6bf951741b7961a6b96f75`
SHA3	`bfd1539dcfd62d4ef1679c72d0ea5f3c0a1e7d008495b05c93d864404204bb49`
VirtualSize	`0x12f30`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49036`

.rdata

MD5	`b43bf947567bc51309222a3f454ffb92`
SHA1	`00178e3c05427be80e6b0a84a8b3a2fdaff81689`
SHA256	`f0491fcfebb97e39e9c5d1e8632413a5709db2890110071efaa19829a7a399ee`
SHA3	`48c067b655fbcefeebb55a3ad34e5afa54ddc44d6e90ada76ce27a18c2860154`
VirtualSize	`0xacbe`
VirtualAddress	`0x14000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.91295`

.data

MD5	`a612c7862944475304a93c1181069683`
SHA1	`29c10cf486bbce4e94bba79a860548617e89ba23`
SHA256	`9ca6a0f3fe46967888554869d95c4814cb1e3dd9061c3a2e0a79276ac4b7975f`
SHA3	`edff869fccf3846fc60d6f5c3ab35fa65dc04071f730c1a7e0be03c73c1bc5d7`
VirtualSize	`0x1d88`
VirtualAddress	`0x1f000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.04846`

.pdata

MD5	`2b30cbce7e0908f5f283c90310eef7d3`
SHA1	`c504b9da1195b3cf2158c9173b09a0effa1c5730`
SHA256	`520ea35013b976745951555c0b97783ac02748f521b5c41e0312dbd8cfc1198f`
SHA3	`fe5a1eee37f0b85419b3fa33bad812102d68ea8f3cf4a6ab222bd28841f53bf8`
VirtualSize	`0x11f4`
VirtualAddress	`0x21000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95489`

_RDATA

MD5	`2851ab45dfabaf770e5631ccfadc5b6e`
SHA1	`2b0fd39641f0efdc2c6022c7c744de14757bf099`
SHA256	`98a79a8cefe82ff81d6246241c118f56bc6ce44fd4342c16e3b2d9186f9469e7`
SHA3	`1f36bd637217e347915985aad426dbb71017dc36a31b3971d8141c9b1f4d4f67`
VirtualSize	`0x15c`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x20000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.82622`

.rsrc

MD5	`cec0822b9beaa64828b73e2160636b00`
SHA1	`b93324b732b4674d55094482d3ad5f687e573af9`
SHA256	`54186ad98118edc3dee30155e7c5c5c7a7dd738a2f6d8fa983ad8fed151e8581`
SHA3	`933bea00943c2df3ec399fc586e5042971b47c59df1c3baaebcbb46474db4a19`
VirtualSize	`0x481ec`
VirtualAddress	`0x24000`
SizeOfRawData	`0x48200`
PointerToRawData	`0x20200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.56683`

.reloc

MD5	`c48f048729a40e91ea40023eefe6e5a7`
SHA1	`d9560742c0a8cbf5246fc3e393397a0664022ab6`
SHA256	`2881664bccbbebf6a62132474bc719064c5861018cb7cc64d2be1b19053a8ecd`
SHA3	`df41471d6b4ed51230a1cc685f892448e24be8c560e47d5dc048f56df67a356e`
VirtualSize	`0x690`
VirtualAddress	`0x6d000`
SizeOfRawData	`0x800`
PointerToRawData	`0x68400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.94736`

Imports

KERNEL32.dll	`GetExitCodeProcess` `CreateProcessW` `GetModuleFileNameW` `LoadResource` `LockResource` `WaitForSingleObject` `FindResourceW` `LoadLibraryW` `CreateFileW` `GetConsoleMode` `GetLastError` `CloseHandle` `SizeofResource` `GetFileAttributesW` `GetConsoleOutputCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetProcessHeap` `WriteConsoleW`
USER32.dll	`wsprintfW` `MessageBoxW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCombineW` `PathRemoveFileSpecW` `PathCanonicalizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.07991`
MD5	`28acdfa272323d19694f8a1d93254c8b`
SHA1	`f64fb5cb18af4d250cfe4e2ca36740f003af5cad`
SHA256	`979994f02831ee7d431ad7140ce7406ed3a06b4088c190dffddc83c6a4ec5f8c`
SHA3	`3edadde54f48ba8941b8de9c88c9bf8cdef2247e575ae40973a1c248552e4ee1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x98f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.91141`
Detected Filetype	PNG graphic file
MD5	`bef45cf74ce0e6af1083e7ad651daa2f`
SHA1	`f2b6ff7137a11ced55a45484597b71def44492d1`
SHA256	`b6f068b2ff5f3831494b913e9bfff69349c88087205579a6b9a96c167e524e60`
SHA3	`13913a986a0d6d489bc9c049310f3d9cc2e543d8ab9bffac1b92c87b672eab2d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x9e7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.00143`
Detected Filetype	PNG graphic file
MD5	`5308d41a3c949ba0599038317e2c042e`
SHA1	`4f62cd9108deb0a2b2af1a83a5d9d04ce3f149a9`
SHA256	`c10cdd1b627ee53548140c4a255032d39dfb0039413b5c1b9765a1fa0d3f27a9`
SHA3	`eedc41d70787700439e368b8be2ad33f0ed514fff34eb12649aa8dbb6580d493`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbdd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.22958`
Detected Filetype	PNG graphic file
MD5	`e592ecd29b8047d0a19d511e1bfa77d4`
SHA1	`25d32e28490be0bf188f6b1c184a996cb466c63e`
SHA256	`bd35429f29158026133e8d2d7b0a5d295913934c6bd8c4d8f2c1457bb824ad11`
SHA3	`072f081abda262627317d936fdfed74e284231e5cd6d38f95131558b2382ac54`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34056`
Detected Filetype	PNG graphic file
MD5	`2d7063768024087fc9677df50060499e`
SHA1	`286ce58ffccdfcba5ad60d11af2db07f987d0a48`
SHA256	`521e6a42b587f6e9b964ba2a14c93bfadd94f1f06a2560ed09a7e7dd5043c61e`
SHA3	`e1724a3a38c17996aea1e777df540d48d98e6c21b1d78d92c318e7f9e50533ee`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xdcb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.41581`
Detected Filetype	PNG graphic file
MD5	`7bf36c29bcb6b5839d85c9c836216593`
SHA1	`86e7a55cacd17d1bda55a1a1de5a03adcba06c2b`
SHA256	`7a96ab7db1fa191a6bd087497c2f55239d7cda01dcc226e742daa80c5bc37de2`
SHA3	`72655fed7cd84d2c2de3957446a52a6a22dff86ca62a37d4e8586e86a1e613f0`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b13`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73886`
Detected Filetype	PNG graphic file
MD5	`1f48923337871ba25cf266bba17429cc`
SHA1	`279f47235e20eedee5daa535ea611e0aed1157d0`
SHA256	`2399dfb472a6c753447b847fbb144235145ca6507a60941b5295389c6fc45639`
SHA3	`06825c34eb7fe14d622735aa986a3e26247e95d5493a5b22eb3884f51b155493`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99457`
MD5	`cea6e512c718fe315094fb5450ae6f93`
SHA1	`6878e14a2e25bb95e26ec9c067ba1ef1535f7703`
SHA256	`de88fa87438cce80a2b12a56141b94622dfdd5c7e6878f99464afb85b54714c7`
SHA3	`394fbef9fb546a8643509be0996b5d460c54ec29e6259687be2ccc6ff3a77bb2`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.77095`
MD5	`f78e0520396dbb790cd3f599f6010b9c`
SHA1	`ecafa87175c2d661e2e08931a1620c9ee05ddb37`
SHA256	`6ddb231bdbee1f97e6163c93366e7e322ed2569ed0fdd52d9fb77d91bb01c102`
SHA3	`4c3306f84cc442a2140072dc37d636245e13ba315dea3fa1706eea4c52e15f09`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`464cb94db3a2622922a9562865009ae8`
SHA1	`dbe17c767d942f219df59f9eae77b213c15eab70`
SHA256	`8affd1fa69a6c5a5b54e504d72d4e9a0eba9b7d702a445ea1399a5978794719a`
SHA3	`3e0e32110c6c0f3323eeeb5e4a6cbb7a8db52ab14e0f065384fb4eedac4fbcda`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93324`
Detected Filetype	Icon file
MD5	`26e4bbdda9f8e58b060feaa53c3083e2`
SHA1	`bd724469fc43a9a58679a7016c303a5693fe9f94`
SHA256	`74c73b469e08909c1b539a80c66cb442d04b3c29cd03e8a533a3c349c5cc84c4`
SHA3	`49df4b8afdcf81a2097c2608740540f7e25ce3aa86c892702db1183998142c1b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x388`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44761`
MD5	`6feb2402254f0e49b29ea9d99bc29678`
SHA1	`c6122b828da504c17f9303edecdd26080961cdca`
SHA256	`28060e735d6ca51541c5fdecf0292006db92dc1bca0efb4c196dd5f6f27b6f67`
SHA3	`ab89035afbe2ac05d59a182dc09bd6bce61383dbc00d5a4c1da1be703fc2ec85`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29956`
MD5	`c61240657e13443faa673941f5309de2`
SHA1	`c0fbe2a825d7b0526747bf774f0924ded81b7462`
SHA256	`527ba3511f5e6271211343cd03168ec681b1afc356ed87eeece038bbd480731b`
SHA3	`e61279125dbdfd1216bc206250bdaf599743f063b1fb74df33968dee1f3c874d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.1.1.0
ProductVersion	5.1.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion (#2)	++UE5+Release-5.1-CL-0
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Feb-17 08:18:02
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x1cde0`
PointerToRawData	`0x1c1e0`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Feb-17 08:18:02
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1ce24`
PointerToRawData	`0x1c224`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Feb-17 08:18:02
Version	`0.0`
SizeofData	`796`
AddressOfRawData	`0x1ce38`
PointerToRawData	`0x1c238`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001f008`

RICH Header

XOR Key	`0x19f92a5b`
Unmarked objects	`0`
ASM objects (29395)	`5`
C++ objects (29395)	`138`
C objects (29395)	`10`
C objects (31823)	`16`
ASM objects (31823)	`9`
C++ objects (31823)	`45`
Imports (29395)	`11`
Total imports	`106`
C++ objects (31942)	`1`
Resource objects (31942)	`1`
151	`1`
Linker (31942)	`1`

6b3683508e6ad2e39f5a112a9802d96b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

201

202

101

123

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors