Ada binaries are being misidentified as C binaries

[qqzero0]

Ada binaries are not being correctly detected and are instead being identified as C binaries.

I have a YARA rule for my use case that may help. It works with both stripped and non-stripped x64 Windows binaries:

import "pe"

rule Ada_binary
{
    meta:
        description = "Detects ADA binaries"
        author = "qqzero0"
        confidence = "high"

    strings:
        $a1 = "GNAT_FILE_NAME_CASE_SENSITIVE" ascii wide
        $a2 = "for Ada/dwarf" ascii wide
        $a3 = "Ada Core Technologies" ascii wide
        $a4 = "ADA.IO_EXCEPTIONS.LAYOUT_ERROR" ascii wide
        $a5 = "ADA.STRINGS" ascii wide

    condition:
        pe.is_pe and 2 of ($a*)
}

[DevX-Cipher]

@qqzero0 is the same in the latest beta build, please check

[qqzero0]

Yeah, it's reproducible both in Beta 3.11 and 3.10 Build.

[BJNFNE]

Yeah, it's reproducible both in Beta 3.11 and 3.10 Build.

Can you provide few sample files?

[qqzero0]

https://gofile.io/d/60jUmn

[DevX-Cipher]

The latest beta 3.2.0 @qqzero0

[qqzero0]

Also reproducible in 3.2.0