Manalyze report for ed71804ec04f9171490a438889e7cff49989907f3d3fa88fb74dbc1144d4467c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	Chinese - Taiwan English - United States French - France Italian - Italy Japanese - Japan Slovenian - Slovenia
CompanyName	WireGuard LLC
FileDescription	WireGuard: hiter, sodoben, varen tunel VPN
FileVersion	`1.0.1`
InternalName	wireguard-windows
LegalCopyright	Copyright Â© 2015-2026 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
OriginalFilename	wireguard.exe
ProductName	WireGuard
ProductVersion	`1.0.1`
Comments	https://www.wireguard.com/

Plugin Output

Suspicious	PEiD Signature:	`XWD graphics format` `HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains references to security software: guard.exe` `May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: -golang.zx2c4.com .eq.github.com .eq.golang.org .eq.golang.zx2c4.com .github.com .golang.org .hash.github.com .hash.golang.org .hash.golang.zx2c4.com .hash.net 0golang.zx2c4.com 2golang.zx2c4.com ConfView.github.com EditDialog.github.com Firstgolang.org ListView.github.com LogPage.github.com ManageTunnelsWindow.github.com SyntaxEdit.github.com TunnelsPage.github.com UpdatePage.github.com algorithmgolang.org cacerts.digicert.com catmsg.Firstgolang.org comodoca.com crl.comodoca.com crl.microsoft.com crl.sectigo.com crl3.digicert.com crt.sectigo.com digicert.com eq.github.com eq.golang.org eq.golang.zx2c4.com github.com golang.org golang.zx2c4.com hash.github.com hash.golang.org hash.golang.zx2c4.com http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_ http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C http://crl.comodoca.com http://crl.comodoca.com/AAACertificateServices.crl04 http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.sectigo.com http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0 http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 http://crt.sectigo.com http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# http://ocsp.comodoca.com0 http://ocsp.digicert.com0 http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.sectigo.com0 http://www.microsoft.com http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0 http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0 https://go.dev https://sectigo.com https://www.microsoft.com https://www.microsoft.com/en-us/windows https://www.wireguard.com https://www.wireguard.com/ https://www.wireguard.com//windows-client/latest.sigVersion https://www.wireguard.com/donations/No https://www.wireguard.net https://www.wireguard.net/ microsoft.com pluralgolang.org sectigo.com sizegolang.org syntax.SyntaxEdit.github.com taggolang.org timesgolang.org ui.ConfView.github.com ui.EditDialog.github.com ui.ListView.github.com ui.LogPage.github.com ui.ManageTunnelsWindow.github.com ui.TunnelsPage.github.com ui.UpdatePage.github.com wireguard.com wireguard.net www.microsoft.com www.wireguard.com www.wireguard.net zx2c4.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	The PE is possibly a dropper.	`Resource WIREGUARD.DLL detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: WireGuard LLC` `Issuer: Sectigo Public Code Signing CA EV R36`
Safe	VirusTotal score: 0/69 (Scanned on 2026-04-21 16:22:07)	`All the AVs think this file is safe.`

Hashes

MD5	`edf712511ecf847d5c844f1acd244da2`
SHA1	`ede675d6d4a0b2cefe48dc1e855fa7ec35a68193`
SHA256	`ed71804ec04f9171490a438889e7cff49989907f3d3fa88fb74dbc1144d4467c`
SHA3	`8e82d01dcff6f402d48715b4e32a49d4e8103a99992ade7846c75b49ad3ba6f3`
SSDeep	`98304:62EpEGbGji37FAIYYSbneXfSJVuBU2Af45EYYcW7q79:6NDdYYSbneXkfhYYcW7q79`
Imports Hash	`ed8b780a3ce7ca4aba78a21f6bc3d4e0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x6df600`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x2aa800`
SizeOfInitializedData	`0x63e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000880A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`1.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x292d000`
SizeOfHeaders	`0x600`
Checksum	`0x8e245d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`698f895827e742fddabd8870ad5d9c56`
SHA1	`8a4b362f16f1cf56eef66e8dfe60d655dc52b284`
SHA256	`e0100c251ff748a8d6f26f60128fbac9b2f818d4feea44dfb999c4b7baa4ba4d`
SHA3	`2e85fffbcf0f5042811838c699fdd9e7a29dce6aac29302410e2877609f7e454`
VirtualSize	`0x2aa671`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2aa800`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.19821`

.rdata

MD5	`a942e47e23d74adc8627bbb1cf14c612`
SHA1	`46534c6705b812d1dd7bd4dcb7ca836378b1b471`
SHA256	`cef2bee90971899c20b22aa313a819e71b38a02408d149ba9b143f98086253d4`
SHA3	`9d16beed9ecf9b41ade24bd4e2b230fa2e67ed19d776fd9057e90e41f60bcd44`
VirtualSize	`0x3aaf48`
VirtualAddress	`0x2ac000`
SizeOfRawData	`0x3ab000`
PointerToRawData	`0x2aae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.73917`

.data

MD5	`43581bc7ad808889653ac67a9f6a2ddc`
SHA1	`18e08384a1d64f94d16290d54ad176c6d79808e3`
SHA256	`2990e0c7454501646fd3db2c5bbaf1a50061aa91e78388cd3396a57ff33fe349`
SHA3	`0f8c3647377b5d04976cbb9d22cbf5986368759b9739103909a6feae5155a668`
VirtualSize	`0x20baf20`
VirtualAddress	`0x657000`
SizeOfRawData	`0x63e00`
PointerToRawData	`0x655e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.59364`

.pdata

MD5	`87cc7795cdb2f4e3d7dfcafff5953907`
SHA1	`502a8d6c20546213c45d64489d9631c33bd657f0`
SHA256	`288e7459273cc35209c71deddd9042aac01cb3de424dc8483f1347765a07a585`
SHA3	`8067ea2cd9c09fef3b346e0796aafb87dd677e76ec278cc1c14fe9d60fb2a0d1`
VirtualSize	`0x13734`
VirtualAddress	`0x2712000`
SizeOfRawData	`0x13800`
PointerToRawData	`0x6b9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.61291`

.xdata

MD5	`264ab0195f16b6b58d8aa54af6d0a5c2`
SHA1	`48b9da892be7f707c6014dd18b41feb9e1343841`
SHA256	`8ba9c8d8c735092f0215054554734a0aadae857311794f12d15bcaf6f9a28f5c`
SHA3	`fe458ac226338f283791c83479f7f0a0055f745e87bf7e90557ac85dc1bffa71`
VirtualSize	`0xb4`
VirtualAddress	`0x2726000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6cd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78711`

.idata

MD5	`f2c0d3e17c82d9c542e72e46cfe270fe`
SHA1	`e0515ac36d809f713f6114e0aacbb172451500f6`
SHA256	`01199861991fdb2ac5fde93cebd7c1d4b78ae8b0ad5e7c1d8932cb692380dfc5`
SHA3	`27e2d2d92e9108ad19e0bb9634b474b3f6c7021c1915fa1891a03c64b93e6be7`
VirtualSize	`0x57c`
VirtualAddress	`0x2727000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6cd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.15273`

.reloc

MD5	`25a6874e48d046e27164b3f5b1357463`
SHA1	`f36a5c3a1abeb95d9250dad3e729fc41d1fb328f`
SHA256	`997eece55b4defc57d748715cf8c826f14d675b9aafbaa8ae8000233ea144c47`
SHA3	`163d49c65f796119e2ae5f638e59c4a5c52c295456d3283bc64f2c1038160229`
VirtualSize	`0x119d0`
VirtualAddress	`0x2728000`
SizeOfRawData	`0x11a00`
PointerToRawData	`0x6cdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44148`

.symtab

MD5	`07b5472d347d42780469fb2654b7fc54`
SHA1	`943ae54f4818e52409fbbaf60ffd71318d966b0d`
SHA256	`3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68`
SHA3	`a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977`
VirtualSize	`0x4`
VirtualAddress	`0x273a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6df600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

.rsrc

MD5	`9b8a322d225284396c1142a3c533ac83`
SHA1	`de1abf8d6d3c5cfd2e9b3388b0e6ed9a9015b762`
SHA256	`e277585097665eac5455f4878e8f98f0c4f96fdd1f8118909e5d2758e2a973e9`
SHA3	`cb243bb544488e88a9d273077c5b73b30a871129ee27b3b867f1c8b7d3789be7`
VirtualSize	`0x1f144c`
VirtualAddress	`0x273b000`
SizeOfRawData	`0x1f1600`
PointerToRawData	`0x6df800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.38145`

Imports

kernel32.dll	`GetProcAddress` `LoadLibraryExW` `WriteFile` `WriteConsoleW` `WerSetFlags` `WerGetFlags` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `TlsAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResumeThread` `RaiseFailFastException` `QueryPerformanceCounter` `PostQueuedCompletionStatus` `LoadLibraryExW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetErrorMode` `GetEnvironmentStringsW` `GetCurrentThreadId` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler` `AddVectoredContinueHandler`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xfba3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99102`
Detected Filetype	PNG graphic file
MD5	`674fc22e89f57a4ff997c0ff010ccffc`
SHA1	`57bd6dbc4b03fd43820765dfe2adb601dcd6e4fe`
SHA256	`13df4aa930e2beaf053698f728b0490563821fb132275277ee078b540d373e63`
SHA3	`b30c2d2e492c0f92af5b7e90131f153d4befce6f046d522eb1cb5ac3c396c44e`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91645`
MD5	`906cf43d29cb6f03efa0388564aeffb7`
SHA1	`b78651edf7291760e6cd201c18aa4ef0ec430058`
SHA256	`02540c07c482827a28fa51de3f949375caf0485c12c6bc5cfd2fc0e625a87e40`
SHA3	`77b15f2bca48a3a02cca66a0d08664cc0ee9043f77133cd4aa96fb8f01b6e825`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14714`
MD5	`acd39e42ee19375eda119ce418bcb4cc`
SHA1	`f58ba1c75b3768efd366cdc3a3062a0c33fac588`
SHA256	`6f9dfa9fc550e9036a2140c89adb1f46a18b93fbe0678044b4d40d4d531f8dd9`
SHA3	`7af2f821ab50b4c9107762ad67daeeb91eea8a1a5b4ce57746257d791da8d04f`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3654`
MD5	`8d9b8414b6877297532b93356987ac4f`
SHA1	`af4ea62cd9d26377bf41437b1da7d84324d31791`
SHA256	`f930dc70bd3dbcecf8e654418cef749186aa4ffa68b3315d229f80e6e258e662`
SHA3	`57bfe5fd5dd726dd185f225268751f6a75c1ec312cd3c6ecdc59e00b09312d6b`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75223`
MD5	`aac1f42f36ef069ebf5c470b55388bf1`
SHA1	`ead1523f71c6514107a5c57c2074a94dd5a17f45`
SHA256	`f0edeebad936e4ec4d75549ca364e6ba272e6ef49454608f1a00c0b7717326d9`
SHA3	`391b333bb59d6ee2f66dbe78a82e6e6f3bcda7d9d0afd2e57993b649f9647cfa`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04561`
MD5	`b3b477148b3e80d059d0d871ab0ceb1b`
SHA1	`90c5dd3f900820b343694036d750e80b73cdf2d4`
SHA256	`e1d1fc259e348996d06f975ba9f5121b610198c041ef5743cfede46ebe60d8a6`
SHA3	`c5020be175d2ce56386338915debda44998c8d99960b0063b1055ddfbcdf29e9`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28955`
MD5	`26f0405c530046e12a9549c2d6527ecc`
SHA1	`68191917b576b18ebb62c0b128a3a577b42160af`
SHA256	`dd7a4f01e233e029db401eff532a64a8499c78bb2ed8bb92fbd8169e55f2e4fc`
SHA3	`4f7513465272ba357a98e48838580841c8c05a4f71279aa5988acf3d11a0bb0c`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55911`
MD5	`2bc026c212f6f368da931499c1d7bb85`
SHA1	`672ad66a7db14131dffd64c1cbbec7abbee4b58c`
SHA256	`81fa855ebee4b258c555fcdd721b368ce336602163c9b71a96a37a8370bd1332`
SHA3	`9f5153bcaa7dde1b81617f3e637292a896b4faadb89ec42344dcae3019beadb7`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95599`
MD5	`35c6ac3d8c024c3fe152477a131d4b44`
SHA1	`d54a28281134749155da631f63746ec2d7b71b8b`
SHA256	`421547f74640d5e27c186f61e37499f7483c36ad186cd148c0139975dd4b211a`
SHA3	`089b4f1557efaddb2df9a9c9a053e75bd0f322c5f882c027b135847f48e96d31`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20345`
MD5	`11368f1c3fe2a4cbc7c44d9e33370051`
SHA1	`048f9f962c3b0459b267ee44846a5c32a9ca3a7d`
SHA256	`39329d1ff6ab913f8b76361d6c269677ab325d443c56959a58196cd611762c91`
SHA3	`fd1673244b9723233901eaa6a247e7707c6f4192663fd5a8a8de8f97b1dc0eb1`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41118`
MD5	`d025cf95949fb8295975b04eaf0e37ee`
SHA1	`4f5241ffcdce7e36f1d0e4d4d8000c5e4cce305a`
SHA256	`74c796029ce0bba2e1398301ea286037beef57fc775aee70568baf0cfaedddf8`
SHA3	`82e9b86ac5f1d330198ad62028949537e3233f0c6d0ec962c1fc641b662006d9`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x24e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92702`
Detected Filetype	PNG graphic file
MD5	`45b82f411ea49ddea70dac96e3f37457`
SHA1	`28b1efa60d2c69df68337937f5fb2a1869ce92f5`
SHA256	`1a2ce1dbb008c1b9014a8967a5cec4e536dfc91ec932e3fc0dbc584314bc3b85`
SHA3	`ce7d08c61016f700dc392f1bcbf7047a166d1625f49a416329148af4808e64a8`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.176`
MD5	`8698bb5f1baa60ef4d40b5cbda4d4fc4`
SHA1	`1a6a790729d0e6848709281ff0236b795e555e93`
SHA256	`248d3f0a8a5e62e88141601d6bb9379004756019e0bc84732122c1088f89f338`
SHA3	`2e84e20c2ee7a843ad7f3c90e629335915b9d73d83c54ffe6de42ced8dab0220`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29461`
MD5	`9d2c0402304a79e8e25f6da9d70d39d0`
SHA1	`d7fe6817318c1980fc6b7d7e66b60aa6f3290e5a`
SHA256	`56e9a244b0cc82e563e2c962c29387b69c668f3e9b8ebccca99263314f6b6e38`
SHA3	`a117746a7cf6734a8f5ff66b46b5e894aef0273a53dd33afd9992f1c102e5084`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37756`
MD5	`8d1d27d301eb5333294590784571837c`
SHA1	`0597431605dc8227046de14e3fe5776e8ba0068f`
SHA256	`b8d8a75492045ee6b98521b810e867a9167cd4a2028b33ab5dcc4ba29c223db9`
SHA3	`f650a48431762d2a3eb39e59cd2b2a4c0033f60495659c35a71316c80c13aa65`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55394`
MD5	`1226371b07b022c0e8c2432236e5928e`
SHA1	`c2deef0a6489304d0f30d6469972897d627d9efe`
SHA256	`b6b20256e5f9002ea07cc13cd9a01829c7882466992ebdca628823a962f7e95e`
SHA3	`16aa2fc6d301e587fbea29387028476041ca15323303e4dfa188444935440de1`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67531`
MD5	`602f21b3f01b309df7a6b535b91bcf10`
SHA1	`afd449d8087bb647ff28a7e9f1afda523af2dac3`
SHA256	`8c0db4a80679d0b958154454c84ba4c8314771a67d860add8dfb309f101ddc28`
SHA3	`f2c0dddd0370dddf97b8233477d8896832383493abae1bf80bcafd188ca43d23`

18

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89031`
MD5	`c7053dab22fe8d4a5fc432c98c67a22d`
SHA1	`ac8ceaa9ade93797066e0777588dcb6cad59eea0`
SHA256	`54bc4ef3512ab314202e64f1c3a4d53433824c3146b7986f3cad4997ee801cce`
SHA3	`a05c8011a6db73b9fc4db0e37c9d207c1d44253fedc40475c1c19a2077e2f70d`

19

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99414`
MD5	`cceedb8255b73795f4edba6b737d77b1`
SHA1	`9b3322b62dc04f4042bf2c4761995ac880ee8243`
SHA256	`1ee4f43e7e80321bdff8578706eedadff9bebb1d74a6fa05574fcbbdec2c4134`
SHA3	`3a1ad115e6349faa756db4eeec288cf9bbe352b1a93ce4447484c2952b60b199`

20

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32139`
MD5	`5c2b3492e4579cc232f21d7fc2319527`
SHA1	`9cef9b1bc82946abe4e3a2296f378c94b41562f8`
SHA256	`f2f9ca2fa5ae84f72f2f864c6dc35d82c6ddd3b3f8cdb81d0e44ab5925049ae2`
SHA3	`4e5aa0a3ba7701434c35147488a21da9abb903b3246d6b52a341f84dfaba14b7`

21

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50493`
MD5	`9c1f62ebe3bbddd3cea4e83fe983f4ec`
SHA1	`f7d4b469b671a3289393117ff692323ec9e9aaec`
SHA256	`789112d5074417c1c05da26bfc4e68e1d2e181cd60816027d9ceb2e729c2f970`
SHA3	`24a77e3253eccaeaa4c78a01fb6707b130e79498d756e72dbfc6ae37396dc08f`

22

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63555`
MD5	`3bac75cc146f6c769111e0fc047dcac4`
SHA1	`2bc742629380841cb88f17ee657015f575cee870`
SHA256	`510176e399feb2b235bbbd21dc5b92055f553f27ef7a79c74057043d413766c8`
SHA3	`f1c839c56c02a79b87789206d44629c3e66a0752725cc7d41f7354ac4db904f0`

WIREGUARD.DLL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14a460`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72472`
Detected Filetype	PE Executable
MD5	`236c985820c7b9b7c17669ef570ab697`
SHA1	`480920e55844810a2d84c9b61c14cb1cae561b3f`
SHA256	`40add3d0b47bee347fcad0f59a0a68ca3d98fb4f7aa90cc4e8ff76086219eca7`
SHA3	`fe7a6161323100ff4f7845bc692594f9e4093d0279eaf1bf001c0cc45f338f3e`

7 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17158`
Detected Filetype	Icon file
MD5	`a98f370a5060c4b65a0ca297e9837ead`
SHA1	`148739285cf67338bec18eb4188a0235ca8f4051`
SHA256	`b6adbd8e85183a26adea94d43fca4a88803241ee31bda0e6f37df1231cd3b18b`
SHA3	`5d18ce5e583b1c615284e2e455a9d251a88ae1ba714ebd4e25ff9b177a788979`

8 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24156`
Detected Filetype	Icon file
MD5	`6b5cd55a5d988922441957e7828e253f`
SHA1	`a613c1f7fa01e92c9b8dafcbc771e51c11297200`
SHA256	`3542fb260978855996e02118f0329cf87a125b2270ace126b293c8abcd1a6e4b`
SHA3	`97b2e026ff798dd09e1810cefc7c792fb10e2b430d91fba5cf65a8108feaeb1f`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61957`
MD5	`a1cf7462158977e39c8391f7b44f3a92`
SHA1	`d28aef989df2f345798b01fd2d2f2039cb45f39d`
SHA256	`b43992958625eeb84a1ef4de182cb9e7a716ce5323132e0baf30575b3548d508`
SHA3	`8d8a14ca32f34de3cdebdfa2fcc81c59a31460fa7fdae1c80a0626bc8c4e8fd4`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49603`
MD5	`55780587659a7481cc68e097ee5657f6`
SHA1	`d01ac0f675f015c6cc83dfc1e2790fedc8691f15`
SHA256	`4695bb10e18c2db0ff717b3fb1c3b8fb55169794d1dc1903872a01d4f9950eed`
SHA3	`33ea7fd43ae1349b92614921e09312bd4f84644bc595f754012ab000e7786a3f`

1 (#4)

Type	`RT_VERSION`
Language	French - France
Codepage	UNKNOWN
Size	`0x3d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4815`
MD5	`0b009f76d512034256a4c2db135284d1`
SHA1	`6681e163c25a32bd3ce2550011b92dee2062bbf2`
SHA256	`db7f2f61d74a2def70785a21197c2915d748f43ef3a37148d5eb7691e9ce7178`
SHA3	`e160bc193b8ef1eda977079b8a5673d3d3dc90430a429d24eac6ce1a9b69dbf9`

1 (#5)

Type	`RT_VERSION`
Language	Italian - Italy
Codepage	UNKNOWN
Size	`0x3d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47177`
MD5	`ac958c73faa2611c4e2dfe921be225e2`
SHA1	`3f0782c30b4afc146625ca720278910e94ab3142`
SHA256	`8276704d3caf6f1418913cca41ca8643d8262fb4018c450b2b9d4a558f0e5196`
SHA3	`3c81a5d416f022108ff6e98c67c67a52e6efab4a3547f37c1fef098843b51a4a`

1 (#6)

Type	`RT_VERSION`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x3b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6661`
MD5	`7a786f4f1221f7aab6059fa9e710894a`
SHA1	`a23dcd5a07eeac08e02245b473a7c167bc9b8297`
SHA256	`8221112a6f681c59f9b4d9a4d84b0b0425717c651c7d95192686ba3b2d999a75`
SHA3	`bc8d854fb1914f2e71511b5217a6cb36fc35a4865d01011932aea58f62ba30c4`

1 (#7)

Type	`RT_VERSION`
Language	Slovenian - Slovenia
Codepage	UNKNOWN
Size	`0x3c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48436`
MD5	`b95660f944b5a34178cfcb613e919ef2`
SHA1	`dac4f64a0a36e66f82285e55886f63c58bad3273`
SHA256	`811ceeb76505438479baa834f459ec3f1cbc0464d59d758f73cc6e4633b6fc0e`
SHA3	`a8df72399df5d717f1b86f0b307bc02fc5e3185f8256e5a4612535eca7a26bab`

1 (#8)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x45e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01951`
MD5	`78afee15b07f9d566ae8e3812f8bb3e5`
SHA1	`1ff00bf762d2d0614cd6f42bdb47797b55e41afb`
SHA256	`42e90a43bd388359a75d57982b024591fc63e2ebe78a345cbaed21e2fa1cfc5f`
SHA3	`4144e2036fd4a69e33c6eff89c388c903106da3d89a7d7965340617268ec1331`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`

RICH Header

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.
[*] Warning: Multiple nodes using the name Version Info in a dictionary.
[*] Warning: Multiple nodes using the name Version Info in a dictionary.

Leave a comment

No comments yet.