Manalyze report for 40e893d931901eab330ebf014786ff07

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2056-Aug-21 19:10:33
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion	`++UE5+Release-5.3-CL-29314046`
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w3.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW`
Suspicious	The file contains overlay data.	`134200 bytes of data starting at offset 0x279c8.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-19 05:28:49)	`All the AVs think this file is safe.`

Hashes

MD5	`40e893d931901eab330ebf014786ff07`
SHA1	`a5feaffe434a645471c3a120ed376358fadddbae`
SHA256	`7d7c4b7c91e3e1ad9b501434a26077db2dd33c9fe08e49e6fc5e59e38854ec5d`
SHA3	`75ccf8e40d3dd5d8cedeb6805a1bf59a7d607992b3971e655b1ab20bdc9bd80d`
SSDeep	`3072:d85tt3PY3TrQdVHqtd/P1sZeviNL5BXMLDnnqiHR7ivkOq3FFuqce2Ocd5pE:mlI4dVWd/PkzLLXlg9iG`
Imports Hash	`2e3e44ac6f091a23ef84e409c0ea9177`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2056-Aug-21 19:10:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xfc00`
SizeOfInitializedData	`0x38600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001CA8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x4d000`
SizeOfHeaders	`0x400`
Checksum	`0x34ab0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c781938fb40c2f55174c782f5f996016`
SHA1	`0352c2452cc98b18a3e1f0b8d11a7c077afe71fb`
SHA256	`212a50cc50ec6be362e62bbb8648ef17070fbebbf8783129aa1862963154d44b`
SHA3	`650fa4cc393e5de4ba311d3775f466e3ce43e80245d90bb78bc27802e7f91d1b`
VirtualSize	`0xfbc0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47565`

.rdata

MD5	`e36569410833eb0575486ab040d249ed`
SHA1	`838d5f3946bcdf40337f77fb5d16fd5e9cf8b504`
SHA256	`6d14d73b6c71ded468a5190b689570c71a13f0de77b162288deb2143400ec574`
SHA3	`c11e14779938a2b6c631ee874e4dda7fe87cb4eb21c55b57cac36335a990de9a`
VirtualSize	`0xa86e`
VirtualAddress	`0x11000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.91656`

.data

MD5	`647d4f681b293263f0339a00cc830f46`
SHA1	`ef7df578d8e96911c0a27fdf7a3ea67c3b1a81d0`
SHA256	`e3dcae833c799b03a9d3bd481a72259893a86947a778856cc2542adfbb741d72`
SHA3	`4388d7201cc6ecf575268897f9f52eaf64f3f1bdb583ca2687e51766020da126`
VirtualSize	`0x1d78`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.96703`

.pdata

MD5	`2b54438eaf67947958b8ccd122ae3d89`
SHA1	`b30ea5b7f8a79aa549110369072c8ba729d01cad`
SHA256	`7e472d6e750a0188b8ec23db0eb4407907b8ddfa294e0b870df75dd7354f2669`
SHA3	`46c00c872ea9627f3633dc6b1b989af98517ea3a6367384fca0bdcf5a2aaf884`
VirtualSize	`0xf84`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77472`

_RDATA

MD5	`2851ab45dfabaf770e5631ccfadc5b6e`
SHA1	`2b0fd39641f0efdc2c6022c7c744de14757bf099`
SHA256	`98a79a8cefe82ff81d6246241c118f56bc6ce44fd4342c16e3b2d9186f9469e7`
SHA3	`1f36bd637217e347915985aad426dbb71017dc36a31b3971d8141c9b1f4d4f67`
VirtualSize	`0x15c`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.82622`

.rsrc

MD5	`d1baac3912fb7a2244aebb1391e7eeed`
SHA1	`8259647fe80b66b48018bd3a8e81286725213cf1`
SHA256	`173500a6fd3754d642c90438d7f9e6ae28041f673ed5cae10d17bcdedec23e19`
SHA3	`1c46e6b26e67c231d8defdbcf445786f1432f1f8428f71ea230f354bee2e733c`
VirtualSize	`0x2b44c`
VirtualAddress	`0x20000`
SizeOfRawData	`0x2b600`
PointerToRawData	`0x1c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.86349`

.reloc

MD5	`5469dd9b70897b2bd1fef8da64e99f06`
SHA1	`ce9b35b886af1fcafa1ccd855baeb2ed9dcafe2a`
SHA256	`8df697158ff306708de7a70adef6104b94b73609b7171ca575976f14afb8c1f6`
SHA3	`719260d556db08dd1b3adfd7b8403a7f7a73dd3730312fe87b96d11e3b91b694`
VirtualSize	`0x694`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x800`
PointerToRawData	`0x47e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.9459`

Imports

KERNEL32.dll	`GetExitCodeProcess` `CreateProcessW` `GetModuleFileNameW` `LoadResource` `LockResource` `WaitForSingleObject` `FindResourceW` `LoadLibraryW` `CreateFileW` `GetConsoleMode` `GetLastError` `CloseHandle` `SizeofResource` `GetFileAttributesW` `GetConsoleCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `WriteConsoleW`
USER32.dll	`wsprintfW` `MessageBoxW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCombineW` `PathRemoveFileSpecW` `PathCanonicalizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.07882`
MD5	`b2ef4343b32458f614556faf2f01e405`
SHA1	`87a17300e5ff4faf68137f8d3bf5447b1155c5c4`
SHA256	`7ca28ca0f08c6fcfcc9f983ff21afa5a1a55e660e362bc3f999aed319ad3b4c7`
SHA3	`bad28f142baa0b3b9e54eaa4752609ea4bcd47a11ac4442d7dca6bcfb5ab3b67`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x98f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.91141`
Detected Filetype	PNG graphic file
MD5	`bef45cf74ce0e6af1083e7ad651daa2f`
SHA1	`f2b6ff7137a11ced55a45484597b71def44492d1`
SHA256	`b6f068b2ff5f3831494b913e9bfff69349c88087205579a6b9a96c167e524e60`
SHA3	`13913a986a0d6d489bc9c049310f3d9cc2e543d8ab9bffac1b92c87b672eab2d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x9e7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.00143`
Detected Filetype	PNG graphic file
MD5	`5308d41a3c949ba0599038317e2c042e`
SHA1	`4f62cd9108deb0a2b2af1a83a5d9d04ce3f149a9`
SHA256	`c10cdd1b627ee53548140c4a255032d39dfb0039413b5c1b9765a1fa0d3f27a9`
SHA3	`eedc41d70787700439e368b8be2ad33f0ed514fff34eb12649aa8dbb6580d493`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbdd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.22958`
Detected Filetype	PNG graphic file
MD5	`e592ecd29b8047d0a19d511e1bfa77d4`
SHA1	`25d32e28490be0bf188f6b1c184a996cb466c63e`
SHA256	`bd35429f29158026133e8d2d7b0a5d295913934c6bd8c4d8f2c1457bb824ad11`
SHA3	`072f081abda262627317d936fdfed74e284231e5cd6d38f95131558b2382ac54`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34056`
Detected Filetype	PNG graphic file
MD5	`2d7063768024087fc9677df50060499e`
SHA1	`286ce58ffccdfcba5ad60d11af2db07f987d0a48`
SHA256	`521e6a42b587f6e9b964ba2a14c93bfadd94f1f06a2560ed09a7e7dd5043c61e`
SHA3	`e1724a3a38c17996aea1e777df540d48d98e6c21b1d78d92c318e7f9e50533ee`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xdcb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.41581`
Detected Filetype	PNG graphic file
MD5	`7bf36c29bcb6b5839d85c9c836216593`
SHA1	`86e7a55cacd17d1bda55a1a1de5a03adcba06c2b`
SHA256	`7a96ab7db1fa191a6bd087497c2f55239d7cda01dcc226e742daa80c5bc37de2`
SHA3	`72655fed7cd84d2c2de3957446a52a6a22dff86ca62a37d4e8586e86a1e613f0`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b13`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73886`
Detected Filetype	PNG graphic file
MD5	`1f48923337871ba25cf266bba17429cc`
SHA1	`279f47235e20eedee5daa535ea611e0aed1157d0`
SHA256	`2399dfb472a6c753447b847fbb144235145ca6507a60941b5295389c6fc45639`
SHA3	`06825c34eb7fe14d622735aa986a3e26247e95d5493a5b22eb3884f51b155493`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0283`
MD5	`86d89a5328a5df3775aa7bab3aefe668`
SHA1	`f4618ee8b2887ab95b32a0e727ec06ff4e5f46e0`
SHA256	`c74980e3da9ae94834c62858b64d1f1a5221afafb3c702a4fc541476f7174b4e`
SHA3	`8eb17323d61eb345d775febe3ea8cc3d662f61f53d6901a2645c409c3c452c8c`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77392`
MD5	`0d50dfd21c137758c5fb77d0df0edfa2`
SHA1	`5436c4aa640897c6f02f78804d78a461cdf06c96`
SHA256	`251cba51248f2dd4786a6d3f11f68bfae257bdcffb546d2700eb95f8e7b3580c`
SHA3	`0c4cf06367247233b274344dbd64782419524a4b7fe41b71a1c652bfdda1e460`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`ef86e6a3255550f2ebe1e7d33675098b`
SHA1	`70fd1f36660ad9994e3bd8051687e3b0b9fdcf82`
SHA256	`20ecc56bce96a8917fd12fa301a09ad1a85168eeb1159726152f0a83c7a57ba6`
SHA3	`a9692d86a7c86f839e16390c9d6dd8e7c278ed551021a4ba7db859b871afe032`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93324`
Detected Filetype	Icon file
MD5	`26e4bbdda9f8e58b060feaa53c3083e2`
SHA1	`bd724469fc43a9a58679a7016c303a5693fe9f94`
SHA256	`74c73b469e08909c1b539a80c66cb442d04b3c29cd03e8a533a3c349c5cc84c4`
SHA3	`49df4b8afdcf81a2097c2608740540f7e25ce3aa86c892702db1183998142c1b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49358`
MD5	`77ecaf2db2be0868f03cd4298c5c32fc`
SHA1	`55f1ccfc68c6515d930e287ee2bb7a630a5b490e`
SHA256	`3d7b81f3e38e3dccf7f387764f1b55014eb621d11d14dca6d6738fe40535c109`
SHA3	`545f6dcfd1f11eaa5e907c2bb9ebf59c0ac03f3ce16ee041fdfa5d3b59a82fb7`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29956`
MD5	`c61240657e13443faa673941f5309de2`
SHA1	`c0fbe2a825d7b0526747bf774f0924ded81b7462`
SHA256	`527ba3511f5e6271211343cd03168ec681b1afc356ed87eeece038bbd480731b`
SHA3	`e61279125dbdfd1216bc206250bdaf599743f063b1fb74df33968dee1f3c874d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.3.2.0
ProductVersion	5.3.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion (#2)	++UE5+Release-5.3-CL-29314046
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2056-Aug-21 19:10:33
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x19d48`
PointerToRawData	`0x18d48`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2056-Aug-21 19:10:33
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x19d8c`
PointerToRawData	`0x18d8c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2056-Aug-21 19:10:33
Version	`0.0`
SizeofData	`796`
AddressOfRawData	`0x19da0`
PointerToRawData	`0x18da0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2056-Aug-21 19:10:33
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1a0bc`
PointerToRawData	`0x190bc`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001c008`

RICH Header

XOR Key	`0x841c4232`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`136`
C objects (32420)	`16`
ASM objects (32420)	`9`
C++ objects (32420)	`43`
Imports (VS2017 v14.15 compiler 26715)	`11`
Total imports	`102`
C++ objects (VS2022 Update 6 (17.6.4) compiler 32537)	`1`
Resource objects (VS2022 Update 6 (17.6.4) compiler 32537)	`1`
151	`1`
Linker (VS2022 Update 6 (17.6.4) compiler 32537)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.