Manalyze report for 865f8ebb92878ed409ff30e514170014

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Feb-24 21:09:17
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	Epic Games, Inc.
LegalCopyright	Copyright 1998-2019 Epic Games, Inc. All Rights Reserved.
ProductName	BootstrapPackagedGame
ProductVersion	`++UE4+Release-4.24-CL-11590370`
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW`
Suspicious	The file contains overlay data.	`57600 bytes of data starting at offset 0x30b00.` `The overlay data has an entropy of 7.01827 and is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/75 (Scanned on 2024-08-11 15:48:11)	`All the AVs think this file is safe.`

Hashes

MD5	`865f8ebb92878ed409ff30e514170014`
SHA1	`1b014eeca834b483d63ff148a1d11076eff673d3`
SHA256	`79938be5e788d9bf854faff300eadfb873e36c51a64b167c912668cbf8589dd2`
SHA3	`efd591c6998da2c43031e1867101f69c69fe399ede8c684d57ca0b20c270381e`
SSDeep	`3072:nF2UNjVLnra7SAF0EKtMv+0eipbl/jZMhXKMc0q1bbd5cQClGXoD:gK5uWAF0VMFeMbl/kX1XsulGm`
Imports Hash	`1708064a8d6bd384eaa937e5d49d514b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2020-Feb-24 21:09:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf400`
SizeOfInitializedData	`0x2f400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001A9C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x43000`
SizeOfHeaders	`0x400`
Checksum	`0x3dadb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`32f592479c8eb6fee3bd5400c1840fcc`
SHA1	`7f67fb8274367a5935677cf16a68efdfb3c86003`
SHA256	`b58682c1259fd85aa772ba46c8e799b6929daef82929479159ad60824e2ca3bf`
SHA3	`4d35f9460b9fd79d560d9c6386dbc21ccd4030351a90ec631524dbbe1d64ce70`
VirtualSize	`0xf3c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45385`

.rdata

MD5	`b90642d8a180cea99fa4421fb76483fb`
SHA1	`f1e466a7dd17214ab7f3aa3e25b5b07066a460c7`
SHA256	`b2e4c2dc80421f15551483ef616234fdae397a871870c8afea20038aee08ba3c`
SHA3	`98762cfe8cb54ca7e5262f000e1b6ef74e31d5e95f7cd9966fc3ade60693b7d7`
VirtualSize	`0xa166`
VirtualAddress	`0x11000`
SizeOfRawData	`0xa200`
PointerToRawData	`0xf800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0061`

.data

MD5	`5782949dc352ebff5eaecd2605b4aa58`
SHA1	`41b69db5925485100f98b5ba36dee344810525ab`
SHA256	`a94c78fd80f791699db1427d663e5951174ec42dc66f24174a3cd04e902e6fbf`
SHA3	`02d6e1f03f3d4881a013efaa8e1dea226e9d72033f3cf17d984318b9052b71d6`
VirtualSize	`0x1c70`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x19a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.15465`

.pdata

MD5	`915e05af9dec796cc91af418211e3ee1`
SHA1	`ef2ccd3637f95dd8942b2a93d76f43d8cd2c69ec`
SHA256	`a3d22248f53082dccecaf990d7d7014bb2ff28eba1d8e78aab3df17598d1a0eb`
SHA3	`be746b167062beb2765b4b27e74301d36982c7c3add840fa14d924a47a0c8b09`
VirtualSize	`0xf3c`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72483`

.rsrc

MD5	`330bb338e0eaddba6f076ed1345212e9`
SHA1	`8a189b6c9a7a785680c567459875f6e416b796bd`
SHA256	`e4ac2f4871a45befca0fe5dbcf40eae48526de224e2131af1da2db8a3a9ae86a`
SHA3	`f84f67a97e66068f0b38bcff9a7e03bc33df7595a8c2cde0bc561b6e5018c0e4`
VirtualSize	`0x22ffc`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x23000`
PointerToRawData	`0x1b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24841`

.reloc

MD5	`fc4be7568a9e59d46e7a7a24305ec8bd`
SHA1	`5e6f10605de3e3675b810b85275377b46a822046`
SHA256	`0e02e5741982efc5bec9ede874653c15c2db855fe5669ad20492ee897e90c858`
SHA3	`84ae998e29e81fe46f202f2cfd06f3a99469580d5e233d049c6ccc7685c7f205`
VirtualSize	`0x63c`
VirtualAddress	`0x42000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80611`

Imports

KERNEL32.dll	`GetFileAttributesW` `CloseHandle` `GetLastError` `WaitForSingleObject` `GetExitCodeProcess` `CreateProcessW` `GetModuleFileNameW` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `LoadLibraryW` `WriteConsoleW` `CreateFileW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `GetProcessHeap` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `ExitProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `LCMapStringW`
USER32.dll	`wsprintfW` `MessageBoxW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCombineW` `PathRemoveFileSpecW` `PathCanonicalizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44665`
MD5	`960e89392feab3c29d0b13d60239518b`
SHA1	`9a5ad4778f37c2ac50cc2489dd6a14b6ed18125d`
SHA256	`f9e0cb18876e0392dc7dbfff4c3229ddb20e0e56a03278e4cd9b6ea95390b552`
SHA3	`5373d178c236b8858f94c541b3f5c32e04dc8eb5c4333e50f91898d6cdc5fcfa`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.2174`
MD5	`ac62ec3c0b56783f5cf2d20e533fc6bb`
SHA1	`34ed091bebba9bddb863d798f1c43c0680bfabfb`
SHA256	`930abe7e597b527addf6f9fd8252cea542cc685f3065b0e67062753a1c64d8f6`
SHA3	`d596bf80ff7f8147ee0b566da6ebd7dc1200390976589edd930f654314750155`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89517`
MD5	`701f373cf56ff8eeb54a599c55c9ee2f`
SHA1	`17e5a51ffb7e53041e8d55fd1663bc20713f0e28`
SHA256	`a890fde70b3d33f295bab2cb37ba4d92627639977a32140e80b1265b2e443091`
SHA3	`f38572a9f558b6d2279e21a41c735dc227fbdf60b0157b2c571ea6d2c3b8c79b`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.71109`
MD5	`7e70c54ef72d30874b68f2d54453c24a`
SHA1	`3a4681f2debf046afb3a3232ef4d9bd4d52d79c9`
SHA256	`fdc86c78672d5d16f36035abf055c81e3f514333a8ddbbde1dc9ea2e6e579316`
SHA3	`50105b059dfe36838eba23f100e6158bbb8606a84b033d7f6c51f781744ce9d8`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x11e5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92131`
Detected Filetype	PNG graphic file
MD5	`ccdc5c940b639b9e7994be5354653dbf`
SHA1	`8ecce67d1f09ee3009a502e02e47458d806b181e`
SHA256	`23aec67210f999b927860bdedb1c10185e2933f90440a2f59ce551944e9952fe`
SHA3	`97cd6603b22d6e8ea7f9bcf85348bfe5ee499bd861ce26a168d2718189ce5282`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65159`
MD5	`29f0d74f3fdeb6bd6b1beec1cf376e96`
SHA1	`2ba6b8bda42ee46a50e86755e066389e5505e82a`
SHA256	`bfa29d39bd2906b5b5c7bb265580de6ae93e18698587d989a3bf9f64f348ab80`
SHA3	`5f4d784e6664af81ea692821bfc7aec5e83b56bb6bf4ee267eef8608e50098ae`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6dba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96687`
Detected Filetype	PNG graphic file
MD5	`8059254f4a924ffe06540d79a8c07f28`
SHA1	`6421dbb12d7b3800661be808d6d7682c007bc3ff`
SHA256	`d29e6ce4975f3149e7c171782af13ab3ec8d49cd3a9ad8df6d2cf3228e0a7b36`
SHA3	`0b355a8b01f93b124b328ecb192f06ff50590f49a66f578ec6d5c01ac620294e`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x80`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06712`
MD5	`7c6a6ed9597931aa8cdea236769e3f9c`
SHA1	`7cac2f0830aae25732ad30b054c03e7b08ee9f7d`
SHA256	`8405ac32eb5a2d711edbaa5d06cf562c3e81ac39ea4bc1fac78893a6effd7a74`
SHA3	`48c297cf19ed3f9fb66076632ceadb3bb129ff0fa7380b0b2daf4d3f8020cad2`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.3899`
MD5	`049b06a6673767e85e4f68391c4f4543`
SHA1	`6cf78de520f46eb0f59e28f1f76a1697e1964f2e`
SHA256	`7aa6bab8ab2c2c81e589dc4bc190079e02eb9df91ed92b87ee7b90c65095c5d6`
SHA3	`9026eea112f384bb42ac582d9e488d8d419d10dcfcbe7108b1ccda76941d3889`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67841`
Detected Filetype	Icon file
MD5	`3689b72104afd5b54d7032ae26925392`
SHA1	`9b79ef04f85c82d78b7000450c16d91ac8ea00e2`
SHA256	`58576b0e9f2d40ac1f9da4935183d2015634752da5a9820d503fff4afeee6a98`
SHA3	`7d7ee807fb4495fd81be65f92948fae202ef51ee2c246f9b4623e8b2e3d3a19e`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86829`
Detected Filetype	Icon file
MD5	`377a924dac4dd315d5ed7bcece174ccf`
SHA1	`de007db68845ceaf787124b1c338836e7dfcd09a`
SHA256	`173129aa93a35076898aae0755064f7ff8d1c4ef18056c9fa97b7c1cf2448830`
SHA3	`1f34630dd6ecc4d5db9a6fe1a963b4a4329332fb55dcaf20687d1658c698c010`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52604`
MD5	`498447601c6ce6cf22220479485d0ad7`
SHA1	`3ca5adf0fc04f3f385fc1c95de20e5cc0b2bd0d2`
SHA256	`5d6acdc6562350e7d7caa7d2455e3be7ad28c3b3630d4d6eef00e2e3b6e63e98`
SHA3	`6ad36905ddc96a3eb544c0a07a62975595765815deabd3939f50beb63b69f635`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x70e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28199`
MD5	`f693ed7c5a88e122bf2bb8fa66d17c14`
SHA1	`757692e7896b5896e8feac863e37d9be7d25d005`
SHA256	`74f0aa5e7161a9ca7e2e7bd6c5bc48a7f0c65098adbf5d32b25a8428f4902ee2`
SHA3	`b0b695622b15b968fba5937ab6e97b0dfb12b4977d9644fbaa1eac1c86458d55`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.24.3.0
ProductVersion	4.24.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Epic Games, Inc.
LegalCopyright	Copyright 1998-2019 Epic Games, Inc. All Rights Reserved.
ProductName	BootstrapPackagedGame
ProductVersion (#2)	++UE4+Release-4.24-CL-11590370
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Feb-24 21:09:17
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x19754`
PointerToRawData	`0x17f54`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Feb-24 21:09:17
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x19798`
PointerToRawData	`0x17f98`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Feb-24 21:09:17
Version	`0.0`
SizeofData	`736`
AddressOfRawData	`0x197ac`
PointerToRawData	`0x17fac`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001c008`

RICH Header

XOR Key	`0x469f0e06`
Unmarked objects	`0`
C objects (VS2017 v15.?.? build 25203)	`10`
ASM objects (VS2017 v15.?.? build 25203)	`5`
C++ objects (VS2017 v15.?.? build 25203)	`129`
C objects (VS 2015/2017 runtime 26706)	`16`
ASM objects (VS 2015/2017 runtime 26706)	`8`
C++ objects (VS 2015/2017 runtime 26706)	`42`
Imports (VS2017 v15.?.? build 25203)	`9`
Total imports	`101`
C++ objects (VS2017 v15.9.14-15 compiler 27032)	`1`
Resource objects (VS2017 v15.9.14-15 compiler 27032)	`1`
Linker (VS2017 v15.9.14-15 compiler 27032)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.
[*] Warning: Raw bytes from section .text could not be obtained.