Manalyze report for 74c772db7e1ead6315a160a67825751a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jan-19 07:15:32
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	Epic Games, Inc.
LegalCopyright	Copyright 1998-2018 Epic Games, Inc. All Rights Reserved.
ProductName	UE4Game
ProductVersion	`++UE4+Release-4.21-CL-4753647`
FileDescription	UE4Game
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW`
Suspicious	The file contains overlay data.	`123504 bytes of data starting at offset 0x2f590.` `The overlay data has an entropy of 7.3193 and is possibly compressed or encrypted.`
Suspicious	VirusTotal score: 1/70 (Scanned on 2019-08-13 08:46:36)	`Cylance: Unsafe`

Hashes

MD5	`74c772db7e1ead6315a160a67825751a`
SHA1	`850fa5b9f99a2061130bfd68b99c77b8002a7877`
SHA256	`a784277c7f3730d9e68d2cba37e50692b1a853256d60507907f5e3ca1e57a477`
SHA3	`4b8ee35920780d3911ac60e795975df444b18e6c413bca399c16fe2a8ad60de2`
SSDeep	`6144:SZ4b7C76LTVIEH8dt/a7DaKkvus5rfUZBCEkulGb:m4b7FVIXdeyx5rcaE2`
Imports Hash	`3e831cff6ab08c01acaea474749ec696`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2019-Jan-19 07:15:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf600`
SizeOfInitializedData	`0x3de00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001AA4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x52000`
SizeOfHeaders	`0x400`
Checksum	`0x3ea26`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x4c4b40`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8b4a78890ea3fa0995a74571e33c607c`
SHA1	`4044263085c29b58db845d80ac7dded43f0d8b05`
SHA256	`1857d1cc3212d9b82a2e9ffda8cc4b78fbbc0fe7e4cb6183030f703221f263f5`
SHA3	`e0030b8cdc496d8db07fc5830675060cc4f0701e078d5d2a3421d98f0e2e49e6`
VirtualSize	`0xf560`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45133`

.rdata

MD5	`f68533b320eb94ce7adb5b75248403fc`
SHA1	`9783d2c588b52b442cb0efe758e0f910813efe58`
SHA256	`0ad360e7c8f98117f6ed6a548b67820382388a633abbd034f7cfabcbd2b98bac`
SHA3	`af5278474b40ba586a5d83b6a5ad9706a719175c03a8968ae0facd48cacabedd`
VirtualSize	`0xa05e`
VirtualAddress	`0x11000`
SizeOfRawData	`0xa200`
PointerToRawData	`0xfa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.98578`

.data

MD5	`40cb0ed424b17ce073bc48540c3d25bf`
SHA1	`3f662a646d357ad66056ffd911985f92f65c98f2`
SHA256	`e81996a2d95e0e3ebbe3703bbf7c0546af2aacfce1183eef1209698c2f559cbe`
SHA3	`56e3c34fa10261f14431c16beee1ab1650e9e7ca82cc5c73ad304116dca3c98f`
VirtualSize	`0x1c60`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.16608`

.pdata

MD5	`036347deb73839b2639244cc40131f59`
SHA1	`d777d280a089d6e2f1f124ba7e360aae3c139b3c`
SHA256	`d34e5d94e90982d4ec34d1062bd932c630f7658ac1b88980cc49748e915e9503`
SHA3	`f7477ac179af9f97bc6b131f17a17674a42f96b8e6d83520016ab8aaa22bd05a`
VirtualSize	`0xf54`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.73826`

.rsrc

MD5	`39a37aefc809d07d86748c16675c85cb`
SHA1	`cdb2369994f9c2be7f70a3dedbbd60b9201481dc`
SHA256	`72953a3528ac2b149f24a7d3562241ac3890e87cfe2958893ef9006ff9401865`
SHA3	`58bbc9a073f284b0773bdce9d93bbe683ea2104bc3a9e8d85c05cdb75ed76730`
VirtualSize	`0x31890`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x31a00`
PointerToRawData	`0x1b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.66091`

.reloc

MD5	`84a0422516964261754703e68d2bf74a`
SHA1	`73f4dd8a9a78814ef930a7cc8229679701ac8d9e`
SHA256	`4914dca98ab5bccec9bd0c44c8c7c96bd4ad4520f854f86a626c751d9ee506c6`
SHA3	`d04f5213ed6273b6c04be364aaed827927f0a39892d0b0d30720d397b3288fb0`
VirtualSize	`0x64c`
VirtualAddress	`0x51000`
SizeOfRawData	`0x800`
PointerToRawData	`0x4d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.81757`

Imports

KERNEL32.dll	`GetFileAttributesW` `CloseHandle` `GetLastError` `WaitForSingleObject` `GetExitCodeProcess` `CreateProcessW` `GetModuleFileNameW` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `LoadLibraryW` `CreateFileW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `GetProcessHeap` `LCMapStringW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `ExitProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `WriteConsoleW`
USER32.dll	`wsprintfW` `MessageBoxW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCombineW` `PathRemoveFileSpecW` `PathCanonicalizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1fc2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99405`
Detected Filetype	PNG graphic file
MD5	`2a8ae4350d2528e03e2796bdc69a09e4`
SHA1	`6b5bb4acbd6447aabf90f7f74454b53e5f04f5c3`
SHA256	`aba8a49918ffb3cbbb0d5aef3650912895de37c3716e54d13fce2d7e62e688db`
SHA3	`2afc14e142f91829479d129f02b8acc251d10701742900435ce117cf821391eb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32621`
MD5	`a19c4eb6e7b1faa96b038d375fea54f3`
SHA1	`11da87665a11db070060945ba38e3cb6014b1471`
SHA256	`f7f2f69ea57422f6159e9f0cf9a784ad5488b8fdd6425459b69c9e02764b2d41`
SHA3	`bcfd651bd372dd3c975909a8f7c81045af1acd8e327d2cba3663b8dd2ad40a11`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31122`
MD5	`7fc890b810d61e68577cc127a40f4cd3`
SHA1	`da3b329adfc29860c2e9cfd2a1ff5aeed41a025f`
SHA256	`fce72164e97bcfd200f5b15c8a64fff9912443ea32ab4e3005656f0accec402a`
SHA3	`5de53c059f570051f9d6f9cf62c8199a99f9d623b7ee9f4abadcc51cd5f958d8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.98346`
MD5	`57aea54c58ee3d321b439a10465acfe7`
SHA1	`202a00eb4622c5600ebcfe08aa030cf36319f326`
SHA256	`ae01bfb1f63acbe1c5c719aa3f2ba177da06e93bb094ae32cf69d2715d77c6f8`
SHA3	`1634dcca13debce3335c27c32cf16ed6974c11de36cf4f617c0de908e25a3708`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8626`
MD5	`f0c155eafba2c2d26790b0f1fd558fdf`
SHA1	`20d8355a72f2446f841363f3b8be1792dfc25b23`
SHA256	`6aa0fe78eb5b810f3ef5aa5bdc0f72d39338d85304ccdc07ee99c8aa2ec3c5f8`
SHA3	`4312bc701c3c97df9c12d8b68b0f0330a2a65a6d8fde3f9a9c747f358cb802f6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65159`
MD5	`29f0d74f3fdeb6bd6b1beec1cf376e96`
SHA1	`2ba6b8bda42ee46a50e86755e066389e5505e82a`
SHA256	`bfa29d39bd2906b5b5c7bb265580de6ae93e18698587d989a3bf9f64f348ab80`
SHA3	`5f4d784e6664af81ea692821bfc7aec5e83b56bb6bf4ee267eef8608e50098ae`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6dba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96687`
Detected Filetype	PNG graphic file
MD5	`8059254f4a924ffe06540d79a8c07f28`
SHA1	`6421dbb12d7b3800661be808d6d7682c007bc3ff`
SHA256	`d29e6ce4975f3149e7c171782af13ab3ec8d49cd3a9ad8df6d2cf3228e0a7b36`
SHA3	`0b355a8b01f93b124b328ecb192f06ff50590f49a66f578ec6d5c01ac620294e`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9164`
MD5	`9a15da7f1c1f1aa9333aa4ee677f3925`
SHA1	`65b88a3c960392af5d60d733438cd70e1e1f824c`
SHA256	`0c06a38855f707490422197f2c7c31bff12ccd516729534ff20c493a1141bdcf`
SHA3	`afd2c702e404ac2e19fc12614b88349827b7c2e795230621904e14257cc5279e`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95683`
MD5	`9761db6885c8a9a1ee91bf739750efbe`
SHA1	`f374be3020c0a805a098b7e26243f91200f66d49`
SHA256	`dad3074783467cc9c9bb8d74b722bf654c7ab46ebb5f487e17c665ebab9f9431`
SHA3	`702a1ea160cd3f3711db19b9e3149923774a83fc5d629343ebdce570247d8b4a`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97166`
MD5	`899ae673afb778a8b81cd87de894d920`
SHA1	`aca03b171f35882283bc62734180d0547a70163e`
SHA256	`2eebf81954f3c44a30cecc57e8a4ec5573023d99a87de80731d80bb7cbcb4daf`
SHA3	`8887e1d949b8f86157ca95bf76521a69f6df74dd5aff09aa9254d7c3647c198d`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90127`
MD5	`c3f2f946afdedfe0bb54fad123d1d994`
SHA1	`358577808b04c9e171e1fe5bdae4202ceff98d4d`
SHA256	`ac5dbadbd3998b76792cf685127d244c336b156b1e29b9b7321138c6572dc237`
SHA3	`113f68d0f1526a4205ae72106c07892a89b7f2834d6abdb816793735ce87c18c`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32441`
MD5	`27de0596d6df22351ce91c56be89d017`
SHA1	`a3e836c289687a0489b02d942962dc082c72f227`
SHA256	`9ddde7e65a987e1c2e9068cc2efb5048d8af84cc551f8aae969e1796f1f82229`
SHA3	`a39c17d77978fe1d24fed351e10ec7605336b621ec5b2ca42673a24b21d89ff6`

101 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59047`
Detected Filetype	Icon file
MD5	`ce2951332c0612b1475d4d3f5bed1c1c`
SHA1	`b33b23c8595120e968ef5668cf5602fc1067d895`
SHA256	`366bd90268618b406e0b7ce3cb2d9cb3de915dd345b341f61c0dc1ceddcbb7ff`
SHA3	`89d7d9a93d1acb142e6130a0d0c26e3dc3c83896ae06ee22777bbedb6defee0a`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86829`
Detected Filetype	Icon file
MD5	`377a924dac4dd315d5ed7bcece174ccf`
SHA1	`de007db68845ceaf787124b1c338836e7dfcd09a`
SHA256	`173129aa93a35076898aae0755064f7ff8d1c4ef18056c9fa97b7c1cf2448830`
SHA3	`1f34630dd6ecc4d5db9a6fe1a963b4a4329332fb55dcaf20687d1658c698c010`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53047`
MD5	`32a9436d39010f9a0856c60f3b686679`
SHA1	`b0270e49b96776a4fc85d52a5892c48a238bb4c9`
SHA256	`3ad1e3801269078aff7ffba6ce5e5f1d802c2b77f9c516fe6c2074ca75a06739`
SHA3	`cc8d146452b70f11bbe6c3b59f4d4744da1ed12359157313634eee66e00bafbc`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x70e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28199`
MD5	`f693ed7c5a88e122bf2bb8fa66d17c14`
SHA1	`757692e7896b5896e8feac863e37d9be7d25d005`
SHA256	`74f0aa5e7161a9ca7e2e7bd6c5bc48a7f0c65098adbf5d32b25a8428f4902ee2`
SHA3	`b0b695622b15b968fba5937ab6e97b0dfb12b4977d9644fbaa1eac1c86458d55`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.21.2.0
ProductVersion	4.21.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Epic Games, Inc.
LegalCopyright	Copyright 1998-2018 Epic Games, Inc. All Rights Reserved.
ProductName	UE4Game
ProductVersion (#2)	++UE4+Release-4.21-CL-4753647
FileDescription	UE4Game
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Jan-19 07:15:32
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x19634`
PointerToRawData	`0x18034`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Jan-19 07:15:32
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x19678`
PointerToRawData	`0x18078`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Jan-19 07:15:32
Version	`0.0`
SizeofData	`736`
AddressOfRawData	`0x1968c`
PointerToRawData	`0x1808c`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001c000`

RICH Header

XOR Key	`0xe2d33873`
Unmarked objects	`0`
C objects (VS2017 v15.?.? build 25203)	`10`
ASM objects (VS2017 v15.?.? build 25203)	`5`
C++ objects (VS2017 v15.?.? build 25203)	`128`
ASM objects (VS2017 v15.?.? build 25930)	`9`
C objects (VS2017 v15.?.? build 25930)	`18`
C++ objects (VS2017 v15.?.? build 25930)	`39`
Imports (VS2017 v15.?.? build 25203)	`9`
Total imports	`100`
C++ objects (VS2017 v15.6.3-5 compiler 26129)	`1`
Resource objects (VS2017 v15.6.3-5 compiler 26129)	`1`
Linker (VS2017 v15.6.3-5 compiler 26129)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.