Manalyze report for 5c9d85601083c6ef47f780aa22a53a6f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Jun-01 16:32:36
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\git-sdk-32-build-installers\usr\src\MINGW-packages\mingw-w64-git\src\git\git.pdb
CompanyName	The Git Development Community
FileDescription	Git for Windows
InternalName	git
OriginalFilename	git.exe
ProductName	Git
ProductVersion	`2.41.0.windows.1`
FileVersion	`2.41.0.windows.1`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `May have dropper capabilities: CurrentControlSet\Services` `Contains domain names: apple.com example.com github.com http://schemas.microsoft.com http://schemas.microsoft.com/windows/2004/02/mit/task http://www.apple.com http://www.apple.com/DTDs/PropertyList-1.0.dtd https://github.com kernel.org microsoft.com schemas.microsoft.com vger.kernel.org www.apple.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: .debug`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc` `Code injection capabilities (mapping injection): CreateFileMappingA CreateRemoteThread MapViewOfFileEx` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessW` `Uses Windows's Native API: NtQueryDirectoryFile NtQueryObject ntohs` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSACleanup WSAEnumNetworkEvents WSAEventSelect WSAGetLastError WSASetLastError WSASocketA WSAStartup __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostbyname gethostname getnameinfo htons listen ntohs recv select setsockopt shutdown` `Functions related to the privilege level: AdjustTokenPrivileges CheckTokenMembership OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationA GetVolumeInformationW` `Manipulates other processes: OpenProcess Process32First Process32Next`
Info	The PE is digitally signed.	`Signer: Johannes Schindelin` `Issuer: Sectigo Public Code Signing CA R36`
Safe	VirusTotal score: 0/71 (Scanned on 2023-07-18 15:09:21)	`All the AVs think this file is safe.`

Hashes

MD5	`5c9d85601083c6ef47f780aa22a53a6f`
SHA1	`9128c892ce59ebb4ef4478feeca613202aa903ca`
SHA256	`51219eea0437a2c216bbf04e0d7565908d991c9012de83ee465c39a37978a1f6`
SHA3	`3ccd17b85dc3c08b37a7bb593a40f48fceccea2c68a4f8ba42131e51d4e153de`
SSDeep	`98304:8BKWlfv7IdwLFcz/sm6NyvQUdEGHuYEldZSwRrdfDrcbA0HOgW1:8JvJJUOyvQUR8ZSwLfDrcxy1`
Imports Hash	`438803b93e7d6e4bfaa7f2b2be36c8a3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`12`
TimeDateStamp	2023-Jun-01 16:32:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x2d2400`
SizeOfInitializedData	`0x3e3600`
SizeOfUninitializedData	`0x37e00`
AddressOfEntryPoint	`0x000013E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2d4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x423000`
SizeOfHeaders	`0x600`
Checksum	`0x3eba07`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`896e108a87290d439e76398ce85d8a1c`
SHA1	`e1f12b89392ded6a495dee8c0d3c4a87ba3c9b91`
SHA256	`b5e1fb3cac468a3dc79a5a60a1761727e3d1041445f2ff87b03c1ee19ff442cd`
SHA3	`a994e4669283507da4f61578b63f736ef20488c666a47f4143480323617044c2`
VirtualSize	`0x2d22fc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2d2400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.14168`

.data

MD5	`2141f56ea655eb0ac371e50920674a48`
SHA1	`60d22f7484d1302197d834e3b033d3b23051c342`
SHA256	`a18f8c5e4b58e6baddab6154b25acd7b37f0ca986db07690e9608d5bcd5f737e`
SHA3	`dd02548903e010a79103903e222c58e6629ff1d304896fc37697440f0ebbe745`
VirtualSize	`0xd7a8`
VirtualAddress	`0x2d4000`
SizeOfRawData	`0xd800`
PointerToRawData	`0x2d2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.04829`

.rdata

MD5	`69ccd7b67f8d39d9d12d65602fec4a65`
SHA1	`9eb34518e768ce454c4b9388e7c11f1507f95040`
SHA256	`86899e7814c06afe6ac9ac43eeada20bc11fa26c5b5282af06ea0088ae6c1451`
SHA3	`17dbc90c79677da0b141e3779a4e7c78e77130740e4c9b746a8b8de2f84cb189`
VirtualSize	`0x8a13c`
VirtualAddress	`0x2e2000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x2e0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.21575`

/4

MD5	`80a278bc4e0e44eddb1cb74c5467cd1d`
SHA1	`85620d453c3907b522687c4721a94d44c9f2ba22`
SHA256	`2cc72d8362f7ec403d1b9e9ea0b0e8c55036bd64e8beb94454d6fb62a5d7f4e2`
SHA3	`9027efa83fe12dfe0a6314fdfaeddcc229ea22f9c6ef1a77650d1c90e19129a8`
VirtualSize	`0x53580`
VirtualAddress	`0x36d000`
SizeOfRawData	`0x53600`
PointerToRawData	`0x36a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12703`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x37dd0`
VirtualAddress	`0x3c1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`06f1523833a347e8545669bbe7481cad`
SHA1	`89c1a7dcbaec2c5279e1f7762700eb9a0136a9cd`
SHA256	`89fb06d2dc224261397d53731670999f77dea6fdf487396e015d7ccce1ce3998`
SHA3	`6c4e94fe59e355b8b41b91e2be6a8b6857642b1b460001c183a1616125be7720`
VirtualSize	`0x30`
VirtualAddress	`0x3f9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3bda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.433203`

.idata

MD5	`43efc9050e7c47908145fba668bfe0e1`
SHA1	`2377f468f30553330463cdd23c46d63892e2f6a3`
SHA256	`a66c9edc9af273fd8b81b2d001a39d0064b07ae14ec8a6ec10ac58cf9c57caa7`
SHA3	`9436300d3546c60d2174654755498da1ff70c30eee229993d06aecfbc9e296a2`
VirtualSize	`0x2e2c`
VirtualAddress	`0x3fa000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x3bdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.41316`

.CRT

MD5	`7723df5b25a26c6d11afbf254d7e6a66`
SHA1	`ec0e2dc1d10ca40e28ae96bdf78c21d26de0dc61`
SHA256	`d864f2d61328fa7fac99c50e53bd58f591739770674d8792dc2971b8ed32e6df`
SHA3	`40489cb4fbeea5c9157312823d7d704d0179799ce000df508e63b64a3692ebf3`
VirtualSize	`0x30`
VirtualAddress	`0x3fd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c0c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.228726`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x3fe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`de94cc0270bc88b36860f894121206fb`
SHA1	`c9ba189aa45e7a9590b6b8abb110c5a02641087b`
SHA256	`69093c644bdb1ead1cc34c0ee287a17756466073d31bd1fd3b9e0fae074cbafc`
SHA3	`894021da68ee8ece8d8c657afc9377fa7c102333000e29387bdab2b4e25d4435`
VirtualSize	`0xc00`
VirtualAddress	`0x3ff000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x3c1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.20551`

.reloc

MD5	`157f6b51ac42706420e9c07e6c245074`
SHA1	`a5bc38d466b4b2901b56d45c049e62001dd3e96e`
SHA256	`09a465844e7771f9b35c24b93819862bc945d1ca28612490c6253a31b1fe11cf`
SHA3	`e81046132ec66b607538dd965133b0590855faf88bb6e318282b929acb652528`
VirtualSize	`0x21eec`
VirtualAddress	`0x400000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x3c1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.80698`

.debug

MD5	`17300ae50102d528a31acfc26500befa`
SHA1	`24cc67c8d19e6c4c312468788b25eef2908db31b`
SHA256	`3076cc605a96ae49519259d3c26ede90773913692617b0b449b2bd927bc061c1`
SHA3	`9c4ae089be49167e15d31449d7fc962aa796a1ea414b4ef68d2a2ee7a2c23859`
VirtualSize	`0x200`
VirtualAddress	`0x422000`
SizeOfRawData	`0x8c`
PointerToRawData	`0x3e3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.95032`

Imports

ADVAPI32.dll	`AdjustTokenPrivileges` `AllocateAndInitializeSid` `CheckTokenMembership` `ConvertSidToStringSidA` `CopySid` `EqualSid` `FreeSid` `GetLengthSid` `GetNamedSecurityInfoW` `GetTokenInformation` `GetUserNameW` `InitializeSecurityDescriptor` `IsValidSid` `IsWellKnownSid` `LookupPrivilegeValueA` `OpenProcessToken` `RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA` `SetEntriesInAclA` `SetSecurityDescriptorDacl` `SystemFunction036`
libiconv-2.dll	`libiconv` `libiconv_close` `libiconv_open`
libintl-8.dll	`__printf__` `libintl_bind_textdomain_codeset` `libintl_bindtextdomain` `libintl_fprintf` `libintl_gettext` `libintl_ngettext` `libintl_setlocale` `libintl_snprintf` `libintl_swprintf` `libintl_textdomain` `libintl_vfprintf` `libintl_vprintf` `libintl_vsnprintf`
KERNEL32.dll	`CancelIoEx` `CloseHandle` `ConnectNamedPipe` `CopyFileW` `CreateEventA` `CreateEventW` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateHardLinkW` `CreateNamedPipeW` `CreatePipe` `CreateProcessW` `CreateRemoteThread` `CreateSymbolicLinkW` `CreateThread` `CreateToolhelp32Snapshot` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `DisconnectNamedPipe` `DuplicateHandle` `EnterCriticalSection` `FillConsoleOutputCharacterA` `FindClose` `FindFirstFileW` `FindFirstVolumeW` `FindNextFileW` `FindNextVolumeW` `FindVolumeClose` `FlsAlloc` `FlsFree` `FlsSetValue` `FlushFileBuffers` `FormatMessageW` `FreeConsole` `FreeEnvironmentStringsW` `FreeLibrary` `GetConsoleMode` `GetConsoleScreenBufferInfo` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentProcessorNumber` `GetCurrentThreadId` `GetDiskFreeSpaceExA` `GetDiskFreeSpaceExW` `GetDriveTypeW` `GetEnvironmentStringsW` `GetEnvironmentVariableA` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileType` `GetFinalPathNameByHandleW` `GetFullPathNameA` `GetFullPathNameW` `GetHandleInformation` `GetLargePageMinimum` `GetLastError` `GetLongPathNameW` `GetModuleHandleA` `GetModuleHandleW` `GetNamedPipeHandleStateA` `GetNumaHighestNodeNumber` `GetNumaNodeProcessorMask` `GetNumberOfConsoleInputEvents` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetProcessTimes` `GetShortPathNameW` `GetStdHandle` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTickCount64` `GetVersion` `GetVolumeInformationA` `GetVolumeInformationW` `GlobalMemoryStatusEx` `HeapAlloc` `HeapFree` `InitializeConditionVariable` `InitializeCriticalSection` `InitializeProcThreadAttributeList` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsWow64Process` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryW` `LocalAlloc` `LocalFree` `MapViewOfFileEx` `MoveFileExW` `OpenProcess` `PeekConsoleInputA` `PeekNamedPipe` `Process32First` `Process32Next` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadDirectoryChangesW` `ReadFile` `ResetEvent` `SetConsoleCtrlHandler` `SetConsoleMode` `SetConsoleTextAttribute` `SetEndOfFile` `SetEnvironmentVariableW` `SetEvent` `SetFileAttributesW` `SetFilePointer` `SetFileTime` `SetLastError` `SetNamedPipeHandleState` `SetStdHandle` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableCS` `SleepEx` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnmapViewOfFile` `UpdateProcThreadAttribute` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `VirtualUnlock` `WaitForMultipleObjects` `WaitForSingleObject` `WaitNamedPipeW` `WakeAllConditionVariable` `WakeConditionVariable` `WideCharToMultiByte` `WriteConsoleA` `WriteConsoleW` `WriteFile`
msvcrt.dll	`__mb_cur_max` `__p__commode` `__p__fmode` `__set_app_type` `__setusermatherr` `__wgetmainargs` `__winitenv` `_amsg_exit` `_assert` `_beginthreadex` `_cexit` `_close` `_commit` `_dup` `_dup2` `_endthreadex` `_errno` `_execl` `_execlp` `_fdopen` `_fileno` `_fileno` `_flushall` `_get_osfhandle` `_getpid` `_initterm` `_iob` `_isatty` `_lseeki64` `_onexit` `_open_osfhandle` `_read` `_rmdir` `_setmode` `_stricmp` `_strnicmp` `_strnicmp` `_stricmp` `_strtoi64` `_telli64` `_strtoui64` `_umask` `_vsnprintf` `_vsnwprintf` `_waccess` `_wchdir` `_wchmod` `_wcsicmp` `_wcsicmp` `_wcsnicmp` `_wcsnicmp` `_wfopen` `_wfreopen` `_wmkdir` `_wmktemp` `_wopen` `_wpgmptr` `_write` `_wrmdir` `_wunlink` `abort` `atoi` `bsearch` `calloc` `clearerr` `exit` `fclose` `feof` `ferror` `fflush` `fgetc` `fgets` `fprintf` `fputc` `fputs` `fread` `free` `fscanf` `fseek` `ftell` `fwrite` `getc` `getchar` `getenv` `gmtime` `isalnum` `isalpha` `iscntrl` `isgraph` `islower` `isprint` `ispunct` `isspace` `isupper` `iswctype` `localtime` `isxdigit` `malloc` `memchr` `memcpy` `memmove` `memset` `mktime` `memcmp` `perror` `printf` `putc` `putchar` `puts` `raise` `rand` `realloc` `rewind` `setbuf` `setvbuf` `signal` `srand` `sscanf` `strchr` `strcmp` `strcspn` `strerror` `strftime` `strlen` `strncmp` `strpbrk` `strrchr` `strspn` `strstr` `strtol` `strtoul` `tolower` `toupper` `ungetc` `vfprintf` `wcscat` `wcschr` `wcscmp` `wcscpy` `wcslen` `wcsncmp` `wcsncpy` `wcsstr` `wcstombs`
ntdll.dll	`NtQueryDirectoryFile` `NtQueryObject`
libpcre2-8-0.dll	`pcre2_code_free_8` `pcre2_compile_8` `pcre2_compile_context_create_8` `pcre2_compile_context_free_8` `pcre2_config_8` `pcre2_general_context_create_8` `pcre2_general_context_free_8` `pcre2_get_error_message_8` `pcre2_get_ovector_pointer_8` `pcre2_jit_compile_8` `pcre2_jit_match_8` `pcre2_maketables_8` `pcre2_maketables_free_8` `pcre2_match_8` `pcre2_match_data_create_from_pattern_8` `pcre2_match_data_free_8` `pcre2_pattern_info_8` `pcre2_set_character_tables_8`
libwinpthread-1.dll	`pthread_getspecific` `pthread_key_create` `pthread_mutex_init` `pthread_mutex_lock` `pthread_mutex_unlock` `pthread_once` `pthread_setspecific`
USER32.dll	`DispatchMessageA` `MsgWaitForMultipleObjects` `PeekMessageA` `TranslateMessage`
WS2_32.dll	`WSACleanup` `WSAEnumNetworkEvents` `WSAEventSelect` `WSAGetLastError` `WSASetLastError` `WSASocketA` `WSAStartup` `__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `gethostbyname` `gethostname` `getnameinfo` `htons` `listen` `ntohs` `recv` `select` `setsockopt` `shutdown`
zlib1.dll	`crc32` `deflate` `deflateBound` `deflateEnd` `deflateInit2_` `deflateInit_` `deflateSetHeader` `inflate` `inflateEnd` `inflateInit2_` `inflateInit_`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38645`
MD5	`b88d8293fbcb5b97339d180912ffd0a5`
SHA1	`f0c03f4d20fe02ff58b122b3df13a82d11e29b67`
SHA256	`8af071994d0fe7164c6681cc9ce5ec2225722228eb0cdfe665ec2e6cbe14d0ec`
SHA3	`19a9423783424e3fb4324bd0ca5821a50578d5605285bcc9f61c8aa1418f2bf2`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x294`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32624`
MD5	`b3c06cb9bf5f0e64bf4651a67a37d705`
SHA1	`15c808fad2d84d493ea4e7f07a8278624ff45766`
SHA256	`6d1473cdb153ce5dc274e4f45e0202d4e7e938bcbc8ef1b8963fa4aa97b9cd0d`
SHA3	`79f4adafb25b888f9f68ef9ff11e625b63d9539520ef745d6227dcc1bfcbc04f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.41.0.1
ProductVersion	2.41.0.1
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	The Git Development Community
FileDescription	Git for Windows
InternalName	git
OriginalFilename	git.exe
ProductName	Git
ProductVersion (#2)	2.41.0.windows.1
FileVersion (#2)	2.41.0.windows.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`112`
AddressOfRawData	`0x422000`
PointerToRawData	`0x3e3c00`
Referenced File	D:\git-sdk-32-build-installers\usr\src\MINGW-packages\mingw-w64-git\src\git\git.pdb

TLS Callbacks

StartAddressOfRawData	`0x7fe000`
EndAddressOfRawData	`0x7fe004`
AddressOfIndex	`0x7f8d5c`
AddressOfCallbacks	`0x7fd01c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x006D07D0` `0x006D0780`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Section .bss has a size of 0!