Manalyze report for 11df838dc69378187e1e1aaf32d34384157642d07096c6e49c1d0e7375634544

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jul-10 09:53:41
Detected languages	English - United States
Debug artifacts	D:\a\rufus\rufus\res\setup\x64\Release\setup.pdb
CompanyName	Akeo Consulting
FileDescription	Windows Setup Wrapper
FileVersion	`1.0`
InternalName	Setup
LegalCopyright	Â© 2024 Pete Batard (GPL v3)
LegalTrademarks	https://rufus.ie/setup
OriginalFilename	setup.exe
ProductName	Setup
ProductVersion	`1.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://rufus.ie`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegDeleteKeyA RegCreateKeyExA RegSetValueExA RegOpenKeyExA RegEnumKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA`
Info	The PE is digitally signed.	`Signer: Akeo Consulting` `Issuer: Sectigo Public Code Signing CA EV R36`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-03 19:22:43)	`All the AVs think this file is safe.`

Hashes

MD5	`c0f73adcea6c87e92ddf3a7e48b97a11`
SHA1	`35a84469f60572f986304b2bdd0a7701cc1d77b9`
SHA256	`11df838dc69378187e1e1aaf32d34384157642d07096c6e49c1d0e7375634544`
SHA3	`71caab4c4f593cdec9c87a149c7b99bf4d2cacb86e213378835b1733ccca1bb1`
SSDeep	`3072:+IK191uACHYbDB6IGhac0NJ1eX8zQb1TMHK0T52:+l/1KADB6jSN6X8zkQ/92`
Imports Hash	`5dc42e6c0501680a3184cbbfa7e08b29`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Jul-10 09:53:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xd600`
SizeOfInitializedData	`0x15600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000016E8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x27000`
SizeOfHeaders	`0x400`
Checksum	`0x2ee6f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`13a9db6add96ad53fe9dcf94fb1ca42e`
SHA1	`ac0985a6f85c2b6a7739610109cf8536c4807989`
SHA256	`f38be7b202d4ada8c09681c1b22cdda7d2616a01d923b87474d38ab884bf8ec5`
SHA3	`699ca2c7f52c32b4b133b9c5ab7ea53c020241618350811572dee61e0fc8449e`
VirtualSize	`0xd590`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42838`

.rdata

MD5	`7b528ac1cf061ae7ed4f99d24b742cb9`
SHA1	`81f4dc951da427bd4f9717be15190f9242657aa7`
SHA256	`cc7b557f6480718eb9b9ffe6f540c2d349254450dcf7827500b3211cf1b36227`
SHA3	`f59d3a9dcc81e0375f9fd26e16d459af8d25ba8660be7e9358e3ae2ec7aa742e`
VirtualSize	`0x9cb8`
VirtualAddress	`0xf000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72072`

.data

MD5	`ff63ad38fac2f1f610b7f304cc891f2d`
SHA1	`80588ba05a4dc168f3d0658acb3d11f352c2ec23`
SHA256	`e17edf346249b14a6812d6646c70a9e72e22733655429cd0cddcba2b49a6763f`
SHA3	`31814db42b9fc0d119c5da0ba6ac5f66eb14cc120adf960ae6b203a15a7677ea`
VirtualSize	`0x1b40`
VirtualAddress	`0x19000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x17800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.90447`

.pdata

MD5	`632ced34f6e1f1df491b2c90b03b3c6f`
SHA1	`33557c63a077ee85c5ed1a1658d1927f7817896d`
SHA256	`34d182599deb0f3da5fb0fc36adb7a79c50992a45bb410feed8b3cd0f0719856`
SHA3	`6a5b1d3beb4978ac5f7d2baff8c5108e9d88c54a11406b573d8e48705bcd2f2e`
VirtualSize	`0xf24`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x18400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.6905`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`82fe1ca97bce552f90fc54b8e42867b3`
SHA1	`194443a647b287aa5b09183f6c8aeafd1efc3a1c`
SHA256	`05147dbce78f96f80ca96e1142b30c8b6f52707abd660ffe959477b12d567b7c`
SHA3	`62a51430cf3827fde5046f8f8c3003f80231f7f97f1a2d51e19ff6388dc36c4f`
VirtualSize	`0x8100`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x8200`
PointerToRawData	`0x19600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.01664`

.reloc

MD5	`1d87f455636e59a938e449c09beef0d0`
SHA1	`623eeafc4b0576faa1b456edf89e9a8f0e21d3db`
SHA256	`cb38119cd1b452b27ed051053cfdfb5aedf4553480dd00195efd2057101b2b7f`
SHA3	`5f3b075204a71737103af45ec18e49a172ebc23c01387c0341fab7cb58e6c8e4`
VirtualSize	`0x660`
VirtualAddress	`0x26000`
SizeOfRawData	`0x800`
PointerToRawData	`0x21800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.8848`

Imports

KERNEL32.dll	`CreateProcessA` `SetCurrentDirectoryW` `CloseHandle` `GetFileAttributesA` `GetLastError` `CreateFileW` `WriteConsoleW` `GetModuleFileNameW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapAlloc` `HeapFree` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitializeCriticalSectionEx` `VirtualProtect` `LCMapStringW` `GetProcessHeap` `HeapSize` `HeapReAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx`
USER32.dll	`MessageBoxA`
ADVAPI32.dll	`RegDeleteKeyA` `RegCreateKeyExA` `RegSetValueExA` `RegOpenKeyExA` `RegEnumKeyExA` `RegCloseKey`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.61875`
MD5	`04b920e75e7dabf16cba0b4ad4b664aa`
SHA1	`0bc6ca081f4445c31e27f2042bd3855c015a19af`
SHA256	`01858192ce8242567a0a896d7f0cc6ea9ad67f30c5d4c9bd0a01963ec54fc485`
SHA3	`49c168db57e1df2dd74eb8e98f1cf764f1aabe5c1e8caff0cbb4e8dd152300a6`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18809`
MD5	`55a01512debd48a526273ce250eda889`
SHA1	`f4cea82c2144d9b36b68c18cc7869c353193d8df`
SHA256	`1d51aeb09805fccd538cf7966e96a34447989c2b33fc1e6f78b60a05f7a0f156`
SHA3	`7e343e0541e2faba8200d2bbe8c28c7dff8cc83896834181bb683b94f42e86ea`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36357`
MD5	`73fd31d8f9151948a0e32df4cec09681`
SHA1	`7f7d2683f3619d8c0a188a4beb8ba25e7bca07b8`
SHA256	`49421005ca0cc814f69e16a8530111597154265f914f9df7c6724d0d67295a06`
SHA3	`2a3ebe9652654bdb504a9add7d403a701c877b0863d7b45066f6c38655e90290`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12582`
MD5	`31a528bbbf5bb5b7c129f000e4593a4a`
SHA1	`ede3c90f743ad6145febd67eca6c55b2e6a34f8c`
SHA256	`aad827bace4e44f2715cfa216abfe74891af9f33ecd8232a37d2f17a8968e81b`
SHA3	`baf2fa7d1e85ddd3577ddf1981dd5f6a49be79e81f9b06cf31f120132036d837`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93884`
Detected Filetype	PNG graphic file
MD5	`8eb0a6397c09e1a89ba7fb4e1feeb83e`
SHA1	`d598641eab2ae8d43156a23f2eb3b10a32eb1bb3`
SHA256	`2bed98f01bfe5a594bc07f16b146c0783baea1ef318c66dfd38ddf4510637991`
SHA3	`6f15404e23a8bfa800343ba7fe6a047cc37bc0ebeefc0d1124c1a0056a5bef3e`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`7f6c4623eb851a126fbe3995abfe7fef`
SHA1	`36c6ce144d7f4dd9d69c8ac1da0cefe97737eea1`
SHA256	`086c4ff91fe9318274e4175c5fa40eee15a542963d1fb42401f9fc0cc00c02aa`
SHA3	`52117f108acb8d1bc9a99d6cd231a5d46ef882af2ffea8137fa5c4464ee1f833`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38867`
MD5	`d206ed081a1db105238d9045c7b7124b`
SHA1	`890c59ce5444fac8c879a311eef07b42f3d95548`
SHA256	`39571dad851a15c3ad10394cb4f4fa2d00b1fecf566084d4a7c28102c6d4ece5`
SHA3	`155ab92530565bdf07eb4d45e67168a111fcd754486b0c484f4d96691ed47a3e`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Akeo Consulting
FileDescription	Windows Setup Wrapper
FileVersion (#2)	1.0
InternalName	Setup
LegalCopyright	Â© 2024 Pete Batard (GPL v3)
LegalTrademarks	https://rufus.ie/setup
OriginalFilename	setup.exe
ProductName	Setup
ProductVersion (#2)	1.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jul-10 09:53:41
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0x17160`
PointerToRawData	`0x15b60`
Referenced File	D:\a\rufus\rufus\res\setup\x64\Release\setup.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jul-10 09:53:41
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x171ac`
PointerToRawData	`0x15bac`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jul-10 09:53:41
Version	`0.0`
SizeofData	`840`
AddressOfRawData	`0x171c0`
PointerToRawData	`0x15bc0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Jul-10 09:53:41
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140019000`

RICH Header

XOR Key	`0x3c9072f6`
Unmarked objects	`0`
C++ objects (33140)	`143`
C objects (33140)	`12`
ASM objects (33140)	`8`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`40`
Imports (33140)	`7`
Total imports	`102`
C objects (LTCG) (35209)	`1`
Resource objects (35209)	`1`
151	`1`
Linker (35209)	`1`

Errors

Leave a comment

No comments yet.