| Summary | |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2023-Jun-01 16:32:36 |
| Detected languages | English - United States |
| TLS Callbacks | 2 callback(s) detected. |
| Debug artifacts | D:\git-sdk-32-build-installers\usr\src\MINGW-packages\mingw-w64-git\src\git\git.pdb |
| CompanyName | The Git Development Community |
| FileDescription | Git for Windows |
| InternalName | git |
| OriginalFilename | git.exe |
| ProductName | Git |
| ProductVersion | 2.41.0.windows.1 |
| FileVersion | 2.41.0.windows.1 |

| Level | Finding | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1; Uses constants related to SHA256 |
| Suspicious | The PE is possibly packed. | Unusual section name found: /4; Unusual section name found: .debug |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. | Signer: Johannes Schindelin; Issuer: Sectigo Public Code Signing CA R36 |
| Safe | VirusTotal score: 0/71 (Scanned on 2023-07-18 15:09:21) | All the AVs think this file is safe. |
| DOS Header | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| PE Header | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 12 |
| TimeDateStamp | 2023-Jun-01 16:32:36 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED |
| Image Optional Header | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 2.0 |
| SizeOfCode | 0x2d2400 |
| SizeOfInitializedData | 0x3e3600 |
| SizeOfUninitializedData | 0x37e00 |
| AddressOfEntryPoint | 0x000013E0 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x2d4000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 1.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x423000 |
| SizeOfHeaders | 0x600 |
| Checksum | 0x3eba07 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x200000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imports (library) | Imported functions |
|---|---|
| ADVAPI32.dll | AdjustTokenPrivileges AllocateAndInitializeSid CheckTokenMembership ConvertSidToStringSidA CopySid EqualSid FreeSid GetLengthSid GetNamedSecurityInfoW GetTokenInformation GetUserNameW InitializeSecurityDescriptor IsValidSid IsWellKnownSid LookupPrivilegeValueA OpenProcessToken RegCloseKey RegOpenKeyExA RegQueryValueExA SetEntriesInAclA SetSecurityDescriptorDacl SystemFunction036 |
| libiconv-2.dll | libiconv libiconv_close libiconv_open |
| libintl-8.dll | __printf__ libintl_bind_textdomain_codeset libintl_bindtextdomain libintl_fprintf libintl_gettext libintl_ngettext libintl_setlocale libintl_snprintf libintl_swprintf libintl_textdomain libintl_vfprintf libintl_vprintf libintl_vsnprintf |
| KERNEL32.dll | CancelIoEx CloseHandle ConnectNamedPipe CopyFileW CreateEventA CreateEventW CreateFileA CreateFileMappingA CreateFileW CreateHardLinkW CreateNamedPipeW CreatePipe CreateProcessW CreateRemoteThread CreateSymbolicLinkW CreateThread CreateToolhelp32Snapshot DeleteCriticalSection DeleteFileW DeleteProcThreadAttributeList DeviceIoControl DisconnectNamedPipe DuplicateHandle EnterCriticalSection FillConsoleOutputCharacterA FindClose FindFirstFileW FindFirstVolumeW FindNextFileW FindNextVolumeW FindVolumeClose FlsAlloc FlsFree FlsSetValue FlushFileBuffers FormatMessageW FreeConsole FreeEnvironmentStringsW FreeLibrary GetConsoleMode GetConsoleScreenBufferInfo GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentProcessorNumber GetCurrentThreadId GetDiskFreeSpaceExA GetDiskFreeSpaceExW GetDriveTypeW GetEnvironmentStringsW GetEnvironmentVariableA GetEnvironmentVariableW GetExitCodeProcess GetFileAttributesExW GetFileAttributesW GetFileInformationByHandle GetFileInformationByHandleEx GetFileSizeEx GetFileType GetFinalPathNameByHandleW GetFullPathNameA GetFullPathNameW GetHandleInformation GetLargePageMinimum GetLastError GetLongPathNameW GetModuleHandleA GetModuleHandleW GetNamedPipeHandleStateA GetNumaHighestNodeNumber GetNumaNodeProcessorMask GetNumberOfConsoleInputEvents GetOverlappedResult GetProcAddress GetProcessHeap GetProcessId GetProcessTimes GetShortPathNameW GetStdHandle GetSystemDirectoryW GetSystemInfo GetSystemTimeAsFileTime GetTickCount64 GetVersion GetVolumeInformationA GetVolumeInformationW GlobalMemoryStatusEx HeapAlloc HeapFree InitializeConditionVariable InitializeCriticalSection InitializeProcThreadAttributeList IsDebuggerPresent IsProcessorFeaturePresent IsWow64Process LeaveCriticalSection LoadLibraryA LoadLibraryExA LoadLibraryW LocalAlloc LocalFree MapViewOfFileEx MoveFileExW OpenProcess PeekConsoleInputA PeekNamedPipe Process32First Process32Next QueryPerformanceCounter QueryPerformanceFrequency ReadDirectoryChangesW ReadFile ResetEvent SetConsoleCtrlHandler SetConsoleMode SetConsoleTextAttribute SetEndOfFile SetEnvironmentVariableW SetEvent SetFileAttributesW SetFilePointer SetFileTime SetLastError SetNamedPipeHandleState SetStdHandle SetUnhandledExceptionFilter Sleep SleepConditionVariableCS SleepEx TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue UnmapViewOfFile UpdateProcThreadAttribute VirtualAlloc VirtualFree VirtualProtect VirtualQuery VirtualUnlock WaitForMultipleObjects WaitForSingleObject WaitNamedPipeW WakeAllConditionVariable WakeConditionVariable WideCharToMultiByte WriteConsoleA WriteConsoleW WriteFile |
| msvcrt.dll | __mb_cur_max __p__commode __p__fmode __set_app_type __setusermatherr __wgetmainargs __winitenv _amsg_exit _assert _beginthreadex _cexit _close _commit _dup _dup2 _endthreadex _errno _execl _execlp _fdopen _fileno _fileno _flushall _get_osfhandle _getpid _initterm _iob _isatty _lseeki64 _onexit _open_osfhandle _read _rmdir _setmode _stricmp _strnicmp _strnicmp _stricmp _strtoi64 _telli64 _strtoui64 _umask _vsnprintf _vsnwprintf _waccess _wchdir _wchmod _wcsicmp _wcsicmp _wcsnicmp _wcsnicmp _wfopen _wfreopen _wmkdir _wmktemp _wopen _wpgmptr _write _wrmdir _wunlink abort atoi bsearch calloc clearerr exit fclose feof ferror fflush fgetc fgets fprintf fputc fputs fread free fscanf fseek ftell fwrite getc getchar getenv gmtime isalnum isalpha iscntrl isgraph islower isprint ispunct isspace isupper iswctype localtime isxdigit malloc memchr memcpy memmove memset mktime memcmp perror printf putc putchar puts raise rand realloc rewind setbuf setvbuf signal srand sscanf strchr strcmp strcspn strerror strftime strlen strncmp strpbrk strrchr strspn strstr strtol strtoul tolower toupper ungetc vfprintf wcscat wcschr wcscmp wcscpy wcslen wcsncmp wcsncpy wcsstr wcstombs |
| ntdll.dll | NtQueryDirectoryFile NtQueryObject |
| libpcre2-8-0.dll | pcre2_code_free_8 pcre2_compile_8 pcre2_compile_context_create_8 pcre2_compile_context_free_8 pcre2_config_8 pcre2_general_context_create_8 pcre2_general_context_free_8 pcre2_get_error_message_8 pcre2_get_ovector_pointer_8 pcre2_jit_compile_8 pcre2_jit_match_8 pcre2_maketables_8 pcre2_maketables_free_8 pcre2_match_8 pcre2_match_data_create_from_pattern_8 pcre2_match_data_free_8 pcre2_pattern_info_8 pcre2_set_character_tables_8 |
| libwinpthread-1.dll | pthread_getspecific pthread_key_create pthread_mutex_init pthread_mutex_lock pthread_mutex_unlock pthread_once pthread_setspecific |
| USER32.dll | DispatchMessageA MsgWaitForMultipleObjects PeekMessageA TranslateMessage |
| WS2_32.dll | WSACleanup WSAEnumNetworkEvents WSAEventSelect WSAGetLastError WSASetLastError WSASocketA WSAStartup __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostbyname gethostname getnameinfo htons listen ntohs recv select setsockopt shutdown |
| zlib1.dll | crc32 deflate deflateBound deflateEnd deflateInit2_ deflateInit_ deflateSetHeader inflate inflateEnd inflateInit2_ inflateInit_ |
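The "functions mostly used by malware" and "may be hiding some of its imports" verdicts above come from matching import names against lists, nothing more. The following is an added example (not the analysis tool's code and not Git's) that runs that kind of name-based triage over import names copied from the table above, trimmed to the relevant entries; the category lists are this example's own choices, and every API in them also has legitimate uses in process-management and networking code.

```python
"""Added example (not the analysis tool's or Git's code): the name-based triage
behind the "functions mostly used by malware" and "may be hiding some of its
imports" findings, run over import names copied from the tables above."""

# Constructed from the import table above; KERNEL32 and ADVAPI32 are trimmed to
# the entries relevant to the check (the real table is much longer).
GIT_EXE_IMPORTS = {
    "KERNEL32.dll": ["CreateProcessW", "CreateRemoteThread", "CreateToolhelp32Snapshot",
                     "GetProcAddress", "IsDebuggerPresent", "LoadLibraryA", "LoadLibraryExA",
                     "LoadLibraryW", "OpenProcess", "Process32First", "Process32Next",
                     "ReadFile", "VirtualAlloc", "VirtualProtect", "WriteFile"],
    "ADVAPI32.dll": ["AdjustTokenPrivileges", "LookupPrivilegeValueA", "OpenProcessToken",
                     "RegOpenKeyExA", "RegQueryValueExA"],
    "WS2_32.dll": ["WSASocketA", "bind", "connect", "listen", "recv"],
}

# Which API names count as "mostly used by malware" is the heuristic's opinion,
# not a property of the file: every name below also has legitimate uses.
SUSPICIOUS_CATEGORIES = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "remote process access": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                              "ReadProcessMemory", "CreateRemoteThread"},
    "anti-debugging": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                       "NtQueryInformationProcess"},
    "privilege manipulation": {"AdjustTokenPrivileges", "LookupPrivilegeValueA",
                               "LookupPrivilegeValueW"},
    "dynamic import resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                                  "LoadLibraryExW", "GetProcAddress"},
    "networking": {"WSASocketA", "WSASocketW", "socket", "connect", "bind", "listen"},
}

# The classic injection chain; a verdict should require all of it, not one member.
INJECTION_CHAIN = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}


def all_names(imports):
    return {name for names in imports.values() for name in names}


def categorize(imports):
    """Map each category to the 'DLL!Function' imports that hit it."""
    hits = {}
    for dll, names in imports.items():
        for category, apis in SUSPICIOUS_CATEGORIES.items():
            for name in sorted(set(names) & apis):
                hits.setdefault(category, []).append(f"{dll}!{name}")
    return hits


def can_resolve_imports_at_runtime(imports):
    """LoadLibrary* plus GetProcAddress lets the program fetch any further API by
    name at run time, so the static import table is only a lower bound.  This is
    what the "may be hiding some of its imports" line reports."""
    names = all_names(imports)
    return "GetProcAddress" in names and any(n.startswith("LoadLibrary") for n in names)


def injection_chain_gaps(imports):
    """Members of the injection chain that are NOT in the static import table."""
    return sorted(INJECTION_CHAIN - all_names(imports))


def triage(imports):
    return {
        "categories": categorize(imports),
        "runtime_resolution": can_resolve_imports_at_runtime(imports),
        "injection_chain_gaps": injection_chain_gaps(imports),
    }


if __name__ == "__main__":
    for key, value in triage(GIT_EXE_IMPORTS).items():
        print(f"{key}: {value}")
```

The gaps list is the check the one-line verdict omits: VirtualAllocEx and WriteProcessMemory are absent from the table above, so CreateRemoteThread is imported without the rest of a classic injection chain. Because LoadLibrary* and GetProcAddress are imported too, that absence only says something about the static table, not about run-time behaviour, which is exactly why the tool raises the "hiding imports" line; neither heuristic is evidence on its own, and the signature and VirusTotal rows in the summary carry more weight than either.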
| Version Info | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 2.41.0.1 |
| ProductVersion | 2.41.0.1 |
| FileFlags | (EMPTY) |
| FileOs | (EMPTY) |
| FileType | VFT_UNKNOWN |
| Language | English - United States |
| CompanyName | The Git Development Community |
| FileDescription | Git for Windows |
| InternalName | git |
| OriginalFilename | git.exe |
| ProductName | Git |
| ProductVersion (#2) | 2.41.0.windows.1 |
| FileVersion (#2) | 2.41.0.windows.1 |

| Resources | |
|---|---|
| Resource LangID | English - United States |
| Debug Directory | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 1970-Jan-01 00:00:00 (field is 0) |
| Version | 0.0 |
| SizeOfData | 112 |
| AddressOfRawData | 0x422000 |
| PointerToRawData | 0x3e3c00 |
| Referenced File | D:\git-sdk-32-build-installers\usr\src\MINGW-packages\mingw-w64-git\src\git\git.pdb |
| TLS Directory | Value |
|---|---|
| StartAddressOfRawData | 0x7fe000 |
| EndAddressOfRawData | 0x7fe004 |
| AddressOfIndex | 0x7f8d5c |
| AddressOfCallbacks | 0x7fd01c |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_TYPE_REG (0) |
| Callbacks | 0x006D07D0, 0x006D0780 |
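Three of the items above are best judged by walking the headers yourself: the "possibly packed" verdict in the summary (which rests only on the section names `/4` and `.debug`), the mitigation flags in the optional header, and the two TLS callback addresses, which are virtual addresses and run before the entry point. The following is an added example, not Manalyzer's code and not Git for Windows' code, that parses a PE32 header built inline from the values on this page and reproduces those three checks; the section list, its raw-data offsets and the placement of a `.tls` section are assumptions made for the example (the real git.exe has 12 sections), and only the header fields copied from the tables above are real.

```python
"""Added example (not Manalyzer's or Git for Windows' code): walk a PE32 header
and reproduce three findings from this page: the unusual-section-name rule
behind "possibly packed", the DllCharacteristics mitigation flags, and the
mapping of the entry point and both TLS callbacks to a section and file offset.
The image is built inline from header values on the page; the section list and
raw-data offsets are assumed (the real git.exe has 12 sections)."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
DYNAMIC_BASE, NX_COMPAT, TS_AWARE = 0x0040, 0x0100, 0x8000   # IMAGE_DLLCHARACTERISTICS_*
IMAGE_BASE = 0x400000
TLS_CALLBACK_VAS = [0x006D07D0, 0x006D0780]                  # from the TLS table above

# Names a Windows linker normally emits; anything else trips the "possibly packed"
# rule.  MinGW's DWARF output trips it without a packer: ".debug", and "/4", the
# COFF long-name form (decimal offset into the string table), which cannot be
# resolved in this file because PointerToSymbolTable is 0.
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                        ".rsrc", ".reloc", ".tls", ".CRT", ".pdata", ".xdata"}
# name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (assumed layout)
SAMPLE_SECTIONS = [
    (b".text",  0x2D2400, 0x001000, 0x2D2400, 0x000600),  # BaseOfCode/SizeOfCode from the page
    (b".tls",   0x001024, 0x3FD000, 0x001200, 0x2D2A00),  # assumed; covers AddressOfCallbacks
    (b"/4",     0x000800, 0x3FF000, 0x000800, 0x3E3400),  # assumed
    (b".debug", 0x000070, 0x422000, 0x000200, 0x3E3C00),  # RVA/raw offset from the debug directory
]
COFF_FMT = "<HHIIIHH"                                            # IMAGE_FILE_HEADER, 20 bytes
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header, first 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"                                     # IMAGE_SECTION_HEADER, 40 bytes

def build_sample_image():
    """Serialize DOS header, COFF header, PE32 optional header and section table."""
    buf = bytearray(0x80)                                  # e_lfanew = 0x80 as on the page
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf += b"PE\0\0" + struct.pack(COFF_FMT, IMAGE_FILE_MACHINE_I386, len(SAMPLE_SECTIONS),
                                   0x6478C824, 0, 0, 0xE0, 0x0126)  # stamp = 2023-06-01 16:32:36 UTC
    buf += struct.pack(OPT_FMT, 0x10B, 2, 0, 0x2D2400, 0x3E3600, 0x37E00, 0x13E0, 0x1000,
                       0x2D4000, IMAGE_BASE, 0x1000, 0x200, 4, 0, 1, 0, 4, 0, 0, 0x423000,
                       0x600, 0x3EBA07, 3, DYNAMIC_BASE | NX_COMPAT | TS_AWARE,
                       0x200000, 0x1000, 0x100000, 0x1000, 0, 16)
    buf += bytes(16 * 8)                                   # 16 empty data directories
    for name, vsize, va, rawsize, rawptr in SAMPLE_SECTIONS:
        buf += struct.pack(SECTION_FMT, name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, 0)
    return bytes(buf)

def parse_headers(image):
    """Return (selected header fields, section list); raise on a malformed image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, image, coff)
    opt = struct.unpack_from(OPT_FMT, image, coff + 20)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    hdr = {"machine": machine, "entry_rva": opt[6], "image_base": opt[9], "dll_chars": opt[23],
           "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")}
    sections, pos = [], coff + 20 + opt_size
    for _ in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(SECTION_FMT, image, pos)[:5]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": rawsize, "raw_ptr": rawptr})
        pos += struct.calcsize(SECTION_FMT)
    return hdr, sections

def va_to_location(va, image_base, sections):
    """Map a VA to (section name, file offset).  The offset is None for an address in a
    section's zero-filled tail; the result is None when no section covers the address."""
    rva = va - image_base
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            off = rva - s["va"]
            return s["name"], (s["raw_ptr"] + off if off < s["raw_size"] else None)
    return None

def analyze(image):
    hdr, sections = parse_headers(image)
    base, dc = hdr["image_base"], hdr["dll_chars"]
    return {"is_i386": hdr["machine"] == IMAGE_FILE_MACHINE_I386,
            "timestamp": hdr["timestamp"],
            "unusual_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTION_NAMES],
            "mitigations": {"aslr": bool(dc & DYNAMIC_BASE), "dep": bool(dc & NX_COMPAT),
                            "terminal_server_aware": bool(dc & TS_AWARE)},
            "entry_point": va_to_location(base + hdr["entry_rva"], base, sections),
            "tls_callbacks": [va_to_location(va, base, sections) for va in TLS_CALLBACK_VAS]}

if __name__ == "__main__":
    for key, value in analyze(build_sample_image()).items():
        print(f"{key}: {value}")
```

With the page's values both callbacks resolve into `.text`, the same section that holds the entry point; a callback that landed in a section with no file-backed bytes, or outside every section, would be the thing worth a second look, because TLS callbacks execute before AddressOfEntryPoint. The `/4` and `.debug` names, together with the `.pdb` path in the debug directory, point to debug output kept in the image by the MinGW toolchain rather than to a packer; a packed image would more typically show a tiny code section with the entry point outside it and a near-empty import table, neither of which this report shows.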