Manalyze report for 6962b6f42bc442e2a822608817222c93c7ef03f34476337608b170d4d76fd5f3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-06 13:43:49
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
CompanyName	WireGuard LLC
FileDescription	WireGuard Installer: Fast, Modern, Secure VPN Tunnel
FileVersion	`1.0`
InternalName	wireguard-installer
LegalCopyright	Copyright Â© 2015-2026 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
OriginalFilename	wireguard-installer.exe
ProductName	WireGuard
ProductVersion	`1.0`
Comments	https://www.wireguard.com/

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: download.wireguard.com https://download.wireguard.com https://download.wireguard.com/windows-client/ https://www.wireguard.com https://www.wireguard.com/ wireguard.com www.wireguard.com zx2c4.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Has Internet access capabilities: WinHttpCloseHandle WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest WinHttpSetOption`
Info	The PE is digitally signed.	`Signer: WireGuard LLC` `Issuer: Sectigo Public Code Signing CA EV R36`
Safe	VirusTotal score: 0/71 (Scanned on 2026-06-29 00:02:40)	`All the AVs think this file is safe.`

Hashes

MD5	`1bf9cc7f07133beb89f211f3b7036644`
SHA1	`40c7c567fde1ce97740a35cb305e1c2a1affa190`
SHA256	`6962b6f42bc442e2a822608817222c93c7ef03f34476337608b170d4d76fd5f3`
SHA3	`2dfc8d4c0a042b21ababc4369f9e7f8473e6956ef1d2d889118661668f0dd141`
SSDeep	`1536:hjsN7fIPlWbKy5+9+q0xkJVj4xq/4i98+aGrI1DOb:hYRI052/0xUV0wQi98+aGKDOb`
Imports Hash	`194075c3ab202bbc8996d2e312fa78df`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-May-06 13:43:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x9200`
SizeOfInitializedData	`0x9000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x1b000`
SizeOfHeaders	`0x400`
Checksum	`0x24d09`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2f5330cf51a40d6e15df2e81a3d19b21`
SHA1	`18763a3008930303291f4509ebb8ed71b8e49588`
SHA256	`3760489ed2ba04cc20a490e99a65d1c72cc223ecb9abfbec148bee881b14bf03`
SHA3	`009ce74b4e2c7523ff1e1cca2631b79e272e5cd5585e1282dab486738b88451a`
VirtualSize	`0x90b9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36621`

.rdata

MD5	`89fd5e0563851ecad6f4c13b34995a32`
SHA1	`c06c7b23c58dec641014e53f5789f313e64c5f3b`
SHA256	`ee615fc0272a30cc261e2d01485236795d9ba4c0f984eea81e9a239784626a7d`
SHA3	`d8ba3ef5a3b05552c955ae98d8a777730001dd6466dc9f09db9a790ffdb881c2`
VirtualSize	`0x1edd`
VirtualAddress	`0xb000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.50652`

.data

MD5	`2a562b1e994fd6a26eab132dd845a128`
SHA1	`9cbece55a7ecccde3913879ca4abdd52049691d5`
SHA256	`29629edcb7c2ccfe30064aff79f80b3b5dc54b822fd1724ed21ef36cfb9a96c3`
SHA3	`e4342f99316a0c7036dd412036cf9cec04a28a8b355a30c86d9cbb2ec14d2fef`
VirtualSize	`0x4518`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.26414`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`11d8dcd9773fab3ec59e86d6304ce939`
SHA1	`973e61a48556ffbe2a1a83d80cea0eea31697082`
SHA256	`44f7609228cf41181213503eea78d36b1d3e0994f03bcc39de24bc57f9b562b5`
SHA3	`fb3af5899e37ba3c1dbb97045baec7ff4909e9bd4d0ffdc59a87e44e273e56ab`
VirtualSize	`0x6290`
VirtualAddress	`0x13000`
SizeOfRawData	`0x6400`
PointerToRawData	`0xba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51658`

.reloc

MD5	`2bd5dd66ad100ea14a4648c23733dec4`
SHA1	`1262edba38afe86d778aa4f3e8ba8284e690080f`
SHA256	`5d75aa6aa9a05e2a7b436adc31b463629c8ea2b7f6eb6e44b75a841404485b81`
SHA3	`29a1b20e0102df72a4850eacc5f00f1a3392812bce83744f22fa64937a322fd6`
VirtualSize	`0x66c`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x11e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.90925`

Imports

KERNEL32.dll	`CloseHandle` `CreateFileA` `CreateThread` `DeleteCriticalSection` `DeleteFileA` `EnterCriticalSection` `FreeLibrary` `GetCommandLineW` `GetCurrentProcess` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetWindowsDirectoryA` `InitializeCriticalSection` `IsDBCSLeadByte` `IsWow64Process` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LocalAlloc` `LocalFree` `MultiByteToWideChar` `RaiseException` `SetDefaultDllDirectories` `SetDllDirectoryA` `SetFileInformationByHandle` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WriteFile`
NTDLL.dll	`RtlGetNtVersionNumbers`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vsnprintf_s` `fflush` `setvbuf`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___argv` `__p__acmdln` `_cexit` `_configure_narrow_argv` `_crt_atexit` `_exit` `_initialize_narrow_environment` `_initterm` `_initterm_e` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-private-l1-1-0.dll	`memchr` `memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset` `strlen` `strncmp` `_wcsicmp`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul` `wcstoul`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ`
WINHTTP.dll (delay-loaded)	`WinHttpCloseHandle` `WinHttpConnect` `WinHttpOpen` `WinHttpOpenRequest` `WinHttpQueryHeaders` `WinHttpReadData` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpSetOption`

Delayed Imports

Attributes	`0x1`
Name	`WINHTTP.dll`
ModuleHandle	`0xd040`
DelayImportAddressTable	`0xd088`
DelayImportNameTable	`0xc0e4`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22035`
MD5	`f2e7565364e3ccf3e66a37ddaa415376`
SHA1	`93e2b0723fd6bdb2b859877bd889c3dadb90f33f`
SHA256	`b0d86c5246ae3d7dc8f8f6c3b4f799233eddfbf92256d32323bd0130935e8230`
SHA3	`1a3309d6695ff2389b384c906f3105fb95eaccefcab82823a28d018cece8dbb4`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.75254`
MD5	`09fab80d891d25315af9bb45aeb20310`
SHA1	`63cc8016143a2fadff1196f652dfc72884eb0173`
SHA256	`8f2100d2cb2f70777086bbfa786669eb4877e00a99f84cb2b9f9f18fb12db67b`
SHA3	`5b8384edd733fdee014ec67e05f9aa285969d7f2a71444f275e52b1ab16c4a8e`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14621`
MD5	`ca9a4f5f205e5593065d1fddcd6aedb5`
SHA1	`97a27bdb45c3de1900357a95aaaa210e01fded84`
SHA256	`63d5a6e6f859f53f628a3951fce11ca9e96f7207fa35b0eb6266a6e6c1b7ad41`
SHA3	`9518b5814612d15657eed45ce9ae45d2c1d603ce5f7f494258a7f666459fa25b`

7

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50016`
Detected Filetype	Icon file
MD5	`cbb5e98bc6f602fa33226e9855c470b9`
SHA1	`5071ae4f377f2871312db58d780103c0dc1ee3d7`
SHA256	`eb1d25243ea4e9b60ccffd55dc287a2201689aa6a43eb840f01062c9338b0004`
SHA3	`bb9a1bb4e586cbb19a837f3cebff51056dfa2fb754ecd8795a9d6e6abf162780`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47376`
MD5	`9ee91cea6030c655fddb8b754f1d5262`
SHA1	`33144e440f13dfde3f381bfb348dc5b5ed6063e4`
SHA256	`d813e69acb9729dd91aec998c6e7ad3c7dfc0a55265ffb86257ef15727df7646`
SHA3	`ebdd914c8da274b5308d106cddf55c99148fa864ae9b70b4c16aa0188f205d38`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95739`
MD5	`3e99fe5c76c37577abd0995b20da4876`
SHA1	`ffd4294d46bfaceb7055344abcd9b77604cc1f98`
SHA256	`fd1a972ecdfe2d925c284a680f5b8eba760a58d04f3fff42619a32d2c3446653`
SHA3	`5f416fef4c5e082812c120da84b67a50d3c3a4de6a895106f3debce3a7b69bb1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	WireGuard LLC
FileDescription	WireGuard Installer: Fast, Modern, Secure VPN Tunnel
FileVersion (#2)	1.0
InternalName	wireguard-installer
LegalCopyright	Copyright Â© 2015-2026 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
OriginalFilename	wireguard-installer.exe
ProductName	WireGuard
ProductVersion (#2)	1.0
Comments	https://www.wireguard.com/

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0x412000`
EndAddressOfRawData	`0x412004`
AddressOfIndex	`0x40d18c`
AddressOfCallbacks	`0x40bf90`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`0x004013D0` `0x00401450`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.