Manalyze report for 7497b0b978b343fcbed69bef3a476953

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-31 06:09:41
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	Epic Games, Inc.
LegalCopyright	Copyright 1998-2019 Epic Games, Inc. All Rights Reserved.
ProductName	BootstrapPackagedGame
ProductVersion	`++UE4+Release-4.22-CL-5660361`
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW`
Suspicious	The file contains overlay data.	`61040 bytes of data starting at offset 0x2f190.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7497b0b978b343fcbed69bef3a476953`
SHA1	`326dce77022a85e35e68b4699b79fed4e6d5c998`
SHA256	`bfbf4fce86319ea9b27e12cddfbd9d79ef305e573103b4ad50446b31f50914b7`
SHA3	`77ba6b35d062021e160bcc674d1b08b3b2e00523a0e056932801cc60c75ac5a7`
SSDeep	`3072:AjWIVjlLVqyAehRTnRxaW/V+0eipbl/jHFlhEf666waebbd5cQClGXcD:SWaPqfURTnl/feMbl/hTfkulGq`
Imports Hash	`1708064a8d6bd384eaa937e5d49d514b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2019-Mar-31 06:09:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf600`
SizeOfInitializedData	`0x2e600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001A9C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x43000`
SizeOfHeaders	`0x400`
Checksum	`0x36594`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x4c4b40`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6ec783a5b5c5bc7f3538c7ef4d4bb995`
SHA1	`60c1159327ec1935703cbd3cac8a2607fbab7bba`
SHA256	`944658118c1a2a2fa1db0bd9b24de0e06354f852becc662f977a91c4607c219a`
SHA3	`adf78392ab98e8cef527e744fa069980cd0c3945faf5bbd3f043a53da06d4e64`
VirtualSize	`0xf410`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43161`

.rdata

MD5	`6d3a76f3d3c52a05533d9025837b2f2d`
SHA1	`9c3660bd8644d6edc027b2242daf584dc8414a13`
SHA256	`ef7bc85bc1d7d832324889e49b213d0512009e55012de0088a40ef75b50d56e6`
SHA3	`bcf072ece7cf48dbbb2adb2cdb8ef5ad7f9537ecd3ed7ebfc726cf9c2e12eaad`
VirtualSize	`0xa166`
VirtualAddress	`0x11000`
SizeOfRawData	`0xa200`
PointerToRawData	`0xfa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.00573`

.data

MD5	`5782949dc352ebff5eaecd2605b4aa58`
SHA1	`41b69db5925485100f98b5ba36dee344810525ab`
SHA256	`a94c78fd80f791699db1427d663e5951174ec42dc66f24174a3cd04e902e6fbf`
SHA3	`02d6e1f03f3d4881a013efaa8e1dea226e9d72033f3cf17d984318b9052b71d6`
VirtualSize	`0x1c70`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.15465`

.pdata

MD5	`d31c7a620b80864cf1ea5964c3d9c12f`
SHA1	`dc142171fcf5fc948f3d5df112a47b3603991e97`
SHA256	`6081086adabf387d3c94fc44919381fbbfca82e27a38f401b6337b989448e465`
SHA3	`1b6fe2d40e5c2938b664e93c914f1d75890ad93e9eea58c559006f77562fdb53`
VirtualSize	`0xf3c`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.73199`

.rsrc

MD5	`7b908bbe7c17cca2b9b06c8a99c95ddd`
SHA1	`60e5420c7b89f14bf731370174fce11b49bf2a25`
SHA256	`53c287b6297fbc6121e7fb8e9f07da6fc693129bb28249aef4ba20ff53f1b619`
SHA3	`d12e31c3c23cfa89e1bda301516d7c8e8b61cae7f7775d1475a40e7e45ada8b2`
VirtualSize	`0x220a4`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x22200`
PointerToRawData	`0x1b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.00454`

.reloc

MD5	`fc4be7568a9e59d46e7a7a24305ec8bd`
SHA1	`5e6f10605de3e3675b810b85275377b46a822046`
SHA256	`0e02e5741982efc5bec9ede874653c15c2db855fe5669ad20492ee897e90c858`
SHA3	`84ae998e29e81fe46f202f2cfd06f3a99469580d5e233d049c6ccc7685c7f205`
VirtualSize	`0x63c`
VirtualAddress	`0x42000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80611`

Imports

KERNEL32.dll	`GetFileAttributesW` `CloseHandle` `GetLastError` `WaitForSingleObject` `GetExitCodeProcess` `CreateProcessW` `GetModuleFileNameW` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `LoadLibraryW` `WriteConsoleW` `CreateFileW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `GetProcessHeap` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `ExitProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `LCMapStringW`
USER32.dll	`wsprintfW` `MessageBoxW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCombineW` `PathRemoveFileSpecW` `PathCanonicalizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72379`
MD5	`f924d976035a1a6d3f1e0269b09fe140`
SHA1	`2ed4a4bb3694469f47037115226f51721dfa5c11`
SHA256	`c9aad4e8b30b9ca0962eacbfc4b94b8d8ae1a7ad134eb3b178984a85431232a4`
SHA3	`4c9ba2c2a8b92013776e123c4422bb00dd82eef7f23a30f67e518854fae90155`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32621`
MD5	`a19c4eb6e7b1faa96b038d375fea54f3`
SHA1	`11da87665a11db070060945ba38e3cb6014b1471`
SHA256	`f7f2f69ea57422f6159e9f0cf9a784ad5488b8fdd6425459b69c9e02764b2d41`
SHA3	`bcfd651bd372dd3c975909a8f7c81045af1acd8e327d2cba3663b8dd2ad40a11`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31122`
MD5	`7fc890b810d61e68577cc127a40f4cd3`
SHA1	`da3b329adfc29860c2e9cfd2a1ff5aeed41a025f`
SHA256	`fce72164e97bcfd200f5b15c8a64fff9912443ea32ab4e3005656f0accec402a`
SHA3	`5de53c059f570051f9d6f9cf62c8199a99f9d623b7ee9f4abadcc51cd5f958d8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.98346`
MD5	`57aea54c58ee3d321b439a10465acfe7`
SHA1	`202a00eb4622c5600ebcfe08aa030cf36319f326`
SHA256	`ae01bfb1f63acbe1c5c719aa3f2ba177da06e93bb094ae32cf69d2715d77c6f8`
SHA3	`1634dcca13debce3335c27c32cf16ed6974c11de36cf4f617c0de908e25a3708`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8626`
MD5	`f0c155eafba2c2d26790b0f1fd558fdf`
SHA1	`20d8355a72f2446f841363f3b8be1792dfc25b23`
SHA256	`6aa0fe78eb5b810f3ef5aa5bdc0f72d39338d85304ccdc07ee99c8aa2ec3c5f8`
SHA3	`4312bc701c3c97df9c12d8b68b0f0330a2a65a6d8fde3f9a9c747f358cb802f6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65159`
MD5	`29f0d74f3fdeb6bd6b1beec1cf376e96`
SHA1	`2ba6b8bda42ee46a50e86755e066389e5505e82a`
SHA256	`bfa29d39bd2906b5b5c7bb265580de6ae93e18698587d989a3bf9f64f348ab80`
SHA3	`5f4d784e6664af81ea692821bfc7aec5e83b56bb6bf4ee267eef8608e50098ae`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6dba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96687`
Detected Filetype	PNG graphic file
MD5	`8059254f4a924ffe06540d79a8c07f28`
SHA1	`6421dbb12d7b3800661be808d6d7682c007bc3ff`
SHA256	`d29e6ce4975f3149e7c171782af13ab3ec8d49cd3a9ad8df6d2cf3228e0a7b36`
SHA3	`0b355a8b01f93b124b328ecb192f06ff50590f49a66f578ec6d5c01ac620294e`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86551`
MD5	`9eceb3bd99a6722f988585fa0f987a33`
SHA1	`3da075e14d8c6e3d16270d4f2a23b778ef08a592`
SHA256	`25772d9a4b03b6347c6a8b47d69368467a5314f1d12f85ae3e7ca63bb4808e2f`
SHA3	`f96507377f2706efe90bc2ca4319a078fd46dbb14a442dc621fc4b7a4bb89bdc`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11924`
MD5	`47a6708a060c2b7f856ddfcb0010272d`
SHA1	`73713e6d761bdd617482ede3efd70f5b99db0e06`
SHA256	`5e5ead504b3baa63b80fe7750bf1d1021a4dff1a1e07986e36bfb2f9ec84fcb4`
SHA3	`1e281abd2646e97f8c40a346605a3dfc888b0407a98c5b28e8c0225782eea3fc`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86829`
Detected Filetype	Icon file
MD5	`377a924dac4dd315d5ed7bcece174ccf`
SHA1	`de007db68845ceaf787124b1c338836e7dfcd09a`
SHA256	`173129aa93a35076898aae0755064f7ff8d1c4ef18056c9fa97b7c1cf2448830`
SHA3	`1f34630dd6ecc4d5db9a6fe1a963b4a4329332fb55dcaf20687d1658c698c010`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x370`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5114`
MD5	`acfc368a2db7d25b0754ff733023006e`
SHA1	`898c10a501f879b3db379f3e6f12d5379c1af783`
SHA256	`4935b79b9686c1784f08a34db0216d68f32e1ea386f9ef48c998585c62bad429`
SHA3	`2afb2ebff218ab26ca2de5c6637ca9ce3016f2c5474ca5ff86322ad0196479ad`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x70e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28199`
MD5	`f693ed7c5a88e122bf2bb8fa66d17c14`
SHA1	`757692e7896b5896e8feac863e37d9be7d25d005`
SHA256	`74f0aa5e7161a9ca7e2e7bd6c5bc48a7f0c65098adbf5d32b25a8428f4902ee2`
SHA3	`b0b695622b15b968fba5937ab6e97b0dfb12b4977d9644fbaa1eac1c86458d55`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.22.0.0
ProductVersion	4.22.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Epic Games, Inc.
LegalCopyright	Copyright 1998-2019 Epic Games, Inc. All Rights Reserved.
ProductName	BootstrapPackagedGame
ProductVersion (#2)	++UE4+Release-4.22-CL-5660361
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Mar-31 06:09:41
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x19754`
PointerToRawData	`0x18154`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Mar-31 06:09:41
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x19798`
PointerToRawData	`0x18198`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Mar-31 06:09:41
Version	`0.0`
SizeofData	`736`
AddressOfRawData	`0x197ac`
PointerToRawData	`0x181ac`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001c008`

RICH Header

XOR Key	`0x469f0ddc`
Unmarked objects	`0`
C objects (VS2017 v15.?.? build 25203)	`10`
ASM objects (VS2017 v15.?.? build 25203)	`5`
C++ objects (VS2017 v15.?.? build 25203)	`129`
C objects (VS 2015/2017 runtime 26706)	`16`
ASM objects (VS 2015/2017 runtime 26706)	`8`
C++ objects (VS 2015/2017 runtime 26706)	`42`
Imports (VS2017 v15.?.? build 25203)	`9`
Total imports	`101`
C++ objects (VS2017 v15.9.4 compiler 27025)	`1`
Resource objects (VS2017 v15.9.4 compiler 27025)	`1`
Linker (VS2017 v15.9.4 compiler 27025)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.