Manalyze report for 616b80c0d6bb1f48b53f82340a2ae061a0a85f486c93da50355d151990243509

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2003-Sep-13 13:48:51
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion	`++UE5+Release-5.4-CL-35576357`
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w3.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-04-06 15:58:37)	`Jiangmin: HackTool.AmsiETWPatch.cn` `Rising: Trojan.Generic!8.C3 (C64:YzY0OscP5Nhzuyq3)`

Hashes

MD5	`6c9884f65b74d3dde65f7aabadbc926c`
SHA1	`386fa67ae36223c98b32be77f9807b24023ab373`
SHA256	`616b80c0d6bb1f48b53f82340a2ae061a0a85f486c93da50355d151990243509`
SHA3	`aca9e33f985aa6f02dfb0a1f7109213eb81b698cd029b017fa16cb60b60758c7`
SSDeep	`3072:73rTYT6Xyfd+ux9IfBqsmx/LpHQvLq/Zr9CSeOcd5ME:bYT6E0cmYsmr4X`
Imports Hash	`efcf1052e12adb55a48955419dcfea0d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2003-Sep-13 13:48:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11200`
SizeOfInitializedData	`0x14400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001E88 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2b000`
SizeOfHeaders	`0x400`
Checksum	`0x38095`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6b908a82832b8216e9e459bbed9c16fc`
SHA1	`213af0d009a952c3b58483fb6936001e6acf8e61`
SHA256	`ade9a9c9b6c74572ff746d691ff92be89594a6d0b4f646165ef75e6f012c97ba`
SHA3	`f5dd414b9b02479a9e14b1fc6b111d2aa2ccdb700801eee1d03a8fcb48243846`
VirtualSize	`0x111c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50709`

.rdata

MD5	`ed4ab003bd4840f256aef7f977b49620`
SHA1	`4579074d539977b38a24b8f2b0ef7343547afb96`
SHA256	`bc4d4559b110339726dde9b957babfcb3cebc681606561294eb852243e153faf`
SHA3	`8c86ce727ff7bb82b24e2e8b61d553843d29425ff1f239a57b7b9a4ee76e5ab4`
VirtualSize	`0xae1a`
VirtualAddress	`0x13000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x11600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85511`

.data

MD5	`7df8154ac41703d7ecf6d5ff99a9abb1`
SHA1	`3e7cb8eb7fe9a7b81c12046d2dd5ff083120a70c`
SHA256	`44ceb42680e2a9c861f8092580952f6c3788ae6a87d1ca2642857476802b6b72`
SHA3	`cb1e713fcd242aa8e421230903a145439d6b05ddfe61d58cc6e873bf45e55ab0`
VirtualSize	`0x1dc8`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.97888`

.pdata

MD5	`cb9bbf57df09648b059b780ec711455a`
SHA1	`685f176e4bbcab4c7184d5b7bbfe034e80180117`
SHA256	`90f9275a73654fd079e3b048a34c4074b4218d54c45b6871e2c9f18880912be4`
SHA3	`eafb4389f6c88c7bac22b3b4acd0e5205a08cc70018fb2fbe2c4c07361c3cfd2`
VirtualSize	`0x1014`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55306`

_RDATA

MD5	`61f3e2216eb1cfc643297a01421a8e5d`
SHA1	`7269204be79da948bd7ec1c06466eee345d5778c`
SHA256	`484fadac7ded393f335190325f4be7181692a3a71a163af61d86e9171d42054e`
SHA3	`90c557b4b54cd9d22915fda1ef6524f6bc7f91e318190eff105995a6ad25c390`
VirtualSize	`0x1f4`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.70405`

.rsrc

MD5	`cff132f51a8b48a62814dbb5c8942ed8`
SHA1	`5daf24e6df0ef1d08ebf8073652606b3e98a4225`
SHA256	`6c6bf2755fd58dc82e8f86eb684a8dcd78bdff2f613000bb53f8e7ae885fae36`
SHA3	`230a5c93b31f6730caff973a147acff12982fa132124b494cafa949990c95cb3`
VirtualSize	`0x6a48`
VirtualAddress	`0x23000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0x1e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.24725`

.reloc

MD5	`0a4f81baa47357f80afcba2318410954`
SHA1	`b73e093e0fefff60eceb71258e97e2f6425cef93`
SHA256	`fe0eb8e94a1e3a0aad5ecb1f8361de0b2d52a7fad6113736d12ba0be9beb9ee9`
SHA3	`659668758f2fb75e1ca401c9bfcb44696f331cff8eae060664d6293dfa5fcaf8`
VirtualSize	`0x68c`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x25200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.96413`

Imports

KERNEL32.dll	`GetExitCodeProcess` `CreateProcessW` `FreeLibrary` `GetModuleFileNameW` `LoadResource` `LockResource` `WaitForSingleObject` `FindResourceW` `LoadLibraryW` `WriteConsoleW` `CreateFileW` `GetLastError` `CloseHandle` `SizeofResource` `GetFileAttributesW` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetProcessHeap` `LCMapStringW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW`
USER32.dll	`MessageBoxW` `wsprintfW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCanonicalizeW` `PathRemoveFileSpecW` `PathCombineW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.47242`
Detected Filetype	PNG graphic file
MD5	`bbc79abe5bf55b2147f03652d77f400a`
SHA1	`02d3ed8d564dc353386d9b9a189786fd759d25d6`
SHA256	`16197bc88f2ec77ad2690fae280bf3584c54c7d7b018d8fa4086b7c00fd4effc`
SHA3	`bd3ecc69926e52944fedbd98a52b5d52520473285bb296f7e2ffccbc5701a9c8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x98f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.91141`
Detected Filetype	PNG graphic file
MD5	`bef45cf74ce0e6af1083e7ad651daa2f`
SHA1	`f2b6ff7137a11ced55a45484597b71def44492d1`
SHA256	`b6f068b2ff5f3831494b913e9bfff69349c88087205579a6b9a96c167e524e60`
SHA3	`13913a986a0d6d489bc9c049310f3d9cc2e543d8ab9bffac1b92c87b672eab2d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x9e7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.00143`
Detected Filetype	PNG graphic file
MD5	`5308d41a3c949ba0599038317e2c042e`
SHA1	`4f62cd9108deb0a2b2af1a83a5d9d04ce3f149a9`
SHA256	`c10cdd1b627ee53548140c4a255032d39dfb0039413b5c1b9765a1fa0d3f27a9`
SHA3	`eedc41d70787700439e368b8be2ad33f0ed514fff34eb12649aa8dbb6580d493`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbdd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.22958`
Detected Filetype	PNG graphic file
MD5	`e592ecd29b8047d0a19d511e1bfa77d4`
SHA1	`25d32e28490be0bf188f6b1c184a996cb466c63e`
SHA256	`bd35429f29158026133e8d2d7b0a5d295913934c6bd8c4d8f2c1457bb824ad11`
SHA3	`072f081abda262627317d936fdfed74e284231e5cd6d38f95131558b2382ac54`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34056`
Detected Filetype	PNG graphic file
MD5	`2d7063768024087fc9677df50060499e`
SHA1	`286ce58ffccdfcba5ad60d11af2db07f987d0a48`
SHA256	`521e6a42b587f6e9b964ba2a14c93bfadd94f1f06a2560ed09a7e7dd5043c61e`
SHA3	`e1724a3a38c17996aea1e777df540d48d98e6c21b1d78d92c318e7f9e50533ee`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xdcb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.41581`
Detected Filetype	PNG graphic file
MD5	`7bf36c29bcb6b5839d85c9c836216593`
SHA1	`86e7a55cacd17d1bda55a1a1de5a03adcba06c2b`
SHA256	`7a96ab7db1fa191a6bd087497c2f55239d7cda01dcc226e742daa80c5bc37de2`
SHA3	`72655fed7cd84d2c2de3957446a52a6a22dff86ca62a37d4e8586e86a1e613f0`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b13`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73886`
Detected Filetype	PNG graphic file
MD5	`1f48923337871ba25cf266bba17429cc`
SHA1	`279f47235e20eedee5daa535ea611e0aed1157d0`
SHA256	`2399dfb472a6c753447b847fbb144235145ca6507a60941b5295389c6fc45639`
SHA3	`06825c34eb7fe14d622735aa986a3e26247e95d5493a5b22eb3884f51b155493`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11285`
MD5	`b3163d606ced386cb844668d140037d8`
SHA1	`e886ec82803bb4a38c98439131604c87a24d9336`
SHA256	`975ec38d8cae45d35f266606c8eb6ff9cc0c03037e9503e7d89405509722481a`
SHA3	`41dc0d85be820073b6a36c2a49a526ab47ed6bcd1baa85c56d6ad18514703dd3`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67822`
MD5	`660281da96bb35a4b10659b77b10d9e7`
SHA1	`a80d7c3f0d61170b5ee7e4959f07453244e18f46`
SHA256	`5a49e0629b9307c7c7fe972b901c9c1b73bf86ca932c8ddc6bea8b7aba5f1c94`
SHA3	`67f931bc05348b2ef50d9b2b11c58d1780cfa7bb102457d6d17b4fbf86729bd6`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93324`
Detected Filetype	Icon file
MD5	`26e4bbdda9f8e58b060feaa53c3083e2`
SHA1	`bd724469fc43a9a58679a7016c303a5693fe9f94`
SHA256	`74c73b469e08909c1b539a80c66cb442d04b3c29cd03e8a533a3c349c5cc84c4`
SHA3	`49df4b8afdcf81a2097c2608740540f7e25ce3aa86c892702db1183998142c1b`

123

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93324`
Detected Filetype	Icon file
MD5	`26e4bbdda9f8e58b060feaa53c3083e2`
SHA1	`bd724469fc43a9a58679a7016c303a5693fe9f94`
SHA256	`74c73b469e08909c1b539a80c66cb442d04b3c29cd03e8a533a3c349c5cc84c4`
SHA3	`49df4b8afdcf81a2097c2608740540f7e25ce3aa86c892702db1183998142c1b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48549`
MD5	`9b5c434f5d8efb261899c6a70a920b0c`
SHA1	`0bd87585716393ebd1a80ef6bd60592c048e19c3`
SHA256	`23364121a37a66faca100b25541d61c0a2a2ac2699ddcad434f1b424c82fa894`
SHA3	`16b03d97b153df0c1acca9c83723e02113a5819618fdc46278aacaafd6f612ba`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29956`
MD5	`c61240657e13443faa673941f5309de2`
SHA1	`c0fbe2a825d7b0526747bf774f0924ded81b7462`
SHA256	`527ba3511f5e6271211343cd03168ec681b1afc356ed87eeece038bbd480731b`
SHA3	`e61279125dbdfd1216bc206250bdaf599743f063b1fb74df33968dee1f3c874d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.4.4.0
ProductVersion	5.4.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Epic Games, Inc.
LegalCopyright	Fill out your copyright notice in the Description page of Project Settings.
ProductName	BootstrapPackagedGame
ProductVersion (#2)	++UE5+Release-5.4-CL-35576357
FileDescription	BootstrapPackagedGame
InternalName	UnrealEngine
OriginalFilename	BootstrapPackagedGame-Win64-Shipping.exe

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2003-Sep-13 13:48:51
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x1c1c8`
PointerToRawData	`0x1a7c8`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2003-Sep-13 13:48:51
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1c20c`
PointerToRawData	`0x1a80c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2003-Sep-13 13:48:51
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x1c220`
PointerToRawData	`0x1a820`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2003-Sep-13 13:48:51
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1c58c`
PointerToRawData	`0x1ab8c`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001e000`

RICH Header

XOR Key	`0xc77b425c`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`5`
C++ objects (27412)	`138`
Unmarked objects (#2)	`1`
C objects (VS 2015-2022 runtime 33030)	`16`
ASM objects (VS 2015-2022 runtime 33030)	`17`
C++ objects (VS 2015-2022 runtime 33030)	`43`
Imports (27412)	`13`
Total imports	`105`
C++ objects (VS2022 Update 8 (17.8.0-2) compiler 33130)	`1`
Resource objects (VS2022 Update 8 (17.8.0-2) compiler 33130)	`1`
151	`1`
Linker (VS2022 Update 8 (17.8.0-2) compiler 33130)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.

Leave a comment

No comments yet.