Manalyze report for 8af14b7591b03628f610f5306e45f4d6d716ec32a4d416d629ae5e81a6de1140

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-18 20:51:34
Detected languages	English - United States
Debug artifacts	C:\Users\craig\source\repos\uMRC\Release\umrc-client.pdb

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: WSAGetLastError freeaddrinfo recv connect socket send WSAStartup getaddrinfo shutdown closesocket WSACleanup`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`df24b0560c80b9996e77657f59e0b6b1`
SHA1	`25368a270f01982f2b5832e9b2145381d07c74ae`
SHA256	`8af14b7591b03628f610f5306e45f4d6d716ec32a4d416d629ae5e81a6de1140`
SHA3	`1794d7579b8fcca14290a4d183a917e862a4ba159ca2877778c653916cc91519`
SSDeep	`1536:IQPKnCZFQNf7q7+/OKLgogoQbWP3orqF470ZkMdpBgNlInjJLON2:0CZzogPWwrd7apBgNlInjJC`
Imports Hash	`a169c37fffbb9f89b77fbbebc9227781`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2026-Apr-18 20:51:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x8800`
SizeOfInitializedData	`0x7e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00008C20 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x13000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1e8cdbfc1c641961880e1a20cf79a43d`
SHA1	`55c689e1d4899aba6ac8ffdd03127abdc8f0e636`
SHA256	`eda72afa268eb3d0d99330f80d27dea4e4ddf4c693418db9f30de466d545a34a`
SHA3	`2b5470e59636187e99ac7f3859f8934ceeee2b50a15a78cfd7a4742556b1ce82`
VirtualSize	`0x86d1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35627`

.rdata

MD5	`e85621702810aaba2511316e3d1e41f1`
SHA1	`c8f68860aa18019f4246c6f1d5c12d944373385c`
SHA256	`5a34d610d1bedb90126f74ac95a708cdc25ff0e61775b85b9ddcbedde4df86d7`
SHA3	`640a653733dce43a94ac90fe601540c46ed85ef9aa3efa9d015c6c610badfe27`
VirtualSize	`0x39d6`
VirtualAddress	`0xa000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.42139`

.data

MD5	`fdbdb1c2387678c778e99c4691368ee4`
SHA1	`41bef96fb2ab6f0b62ccb56f26e9ec5fbad2d86b`
SHA256	`a823c4d32903d3f1496d99f93ad90d0b510fe25ea4d513d8c4f07026bf051461`
SHA3	`9e41e670dbb97f76af35d8e6eca53cd84c462e2b0d28804c033877c34a7679b6`
VirtualSize	`0x1228`
VirtualAddress	`0xe000`
SizeOfRawData	`0x400`
PointerToRawData	`0xc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.27169`

.rsrc

MD5	`819292d7bf16e365d511e6c5ebf580b1`
SHA1	`b3a5dc2d39e994e5ab3d67502b46aa2d0a1f7384`
SHA256	`d478c988693fbaacf00ea17642f4b13ec54c97042aa5f0b4d73319f0c06e8743`
SHA3	`8f0a1aacd44eaac326cef4c0ab3f003cf22ce06103145a73de7a43d46c75e9cd`
VirtualSize	`0x1e60`
VirtualAddress	`0x10000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.82984`

.reloc

MD5	`17db4fbe801d257396db383bc7fe06dc`
SHA1	`56b0fbac9182f1da624b2f783db85e1def0eb8d5`
SHA256	`99812eeed710611bafba04acdd76c16465e1bca005dac409bb6de40c6b5d183f`
SHA3	`3d5cb59f2d305e6efbab89342778f1366227c46dd3f98603eb7377ed58c693cc`
VirtualSize	`0xe50`
VirtualAddress	`0x12000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47326`

Imports

ODOORS62.dll	`_od_clr_scr@0` `od_control` `_od_scroll@24` `_od_init@0` `od_printf` `_od_clr_line@0` `_od_disp_str@4` `_od_exit@8` `_od_send_file@4` `_od_set_cursor@8` `_od_putch@4` `_od_get_answer@4` `_od_get_input@12` `_od_disp_emu@8` `_od_sleep@4` `_od_parse_cmd_line@4` `_od_get_key@4`
KERNEL32.dll	`Sleep` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `CreateDirectoryA` `CreateThread` `GetFileAttributesA` `UnhandledExceptionFilter` `FindClose` `FindFirstFileA` `FindNextFileA`
USER32.dll	`LoadImageA`
WS2_32.dll	`WSAGetLastError` `freeaddrinfo` `recv` `connect` `socket` `send` `WSAStartup` `getaddrinfo` `shutdown` `closesocket` `WSACleanup`
VCRUNTIME140.dll	`strstr` `__current_exception_context` `memset` `_except_handler4_common` `__current_exception` `strchr` `memcpy`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `calloc` `free` `realloc` `_set_new_mode`
api-ms-win-crt-string-l1-1-0.dll	`strncpy_s` `isalnum` `tolower` `_strnicmp` `_strdup` `strcpy_s` `isdigit` `strcat_s` `strncmp` `_stricmp` `strtok_s` `toupper`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `fgets` `fclose` `__stdio_common_vfprintf` `__stdio_common_vsnprintf_s` `fwrite` `fopen_s` `fread` `__p__commode`
api-ms-win-crt-time-l1-1-0.dll	`_ctime64_s` `clock` `_localtime64_s` `_time64`
api-ms-win-crt-convert-l1-1-0.dll	`atoi`
api-ms-win-crt-utility-l1-1-0.dll	`srand` `rand`
api-ms-win-crt-filesystem-l1-1-0.dll	`remove` `_stat64i32`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `terminate` `_initialize_onexit_table` `_seh_filter_exe` `_set_app_type` `_register_onexit_function` `_configure_narrow_argv` `_initialize_narrow_environment` `_get_narrow_winmain_command_line` `_initterm` `_initterm_e` `exit` `_exit` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_controlfp_s`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

203

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49209`
MD5	`9f68255d241a69dd59a1c9c106f7f4f1`
SHA1	`9de98423007d9d11937ef826c39d2d84aa7568ff`
SHA256	`622b1f43607048300d4ed3b10d4823b9d7b7b6fa09f7195a9a215f647c21a892`
SHA3	`64cfdc2e4f7592ca7afabb0f857870fbbeab4c0381570a46aaa6aea38bf94c59`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18867`
MD5	`02cf30c3dd404c656631a58d8adb5b54`
SHA1	`c42a238b4d624c71d1816d567254b404f75229a6`
SHA256	`b8f1a8c6303352cb962f4b73c5f04659bb9b98a5db68792689591a451d7f6409`
SHA3	`424e8d544c7ca45460959a732d44e72732c7b0a36277a345b571d04fb1a77d07`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.24882`
MD5	`698e33fee6e89df9acc8c18ac6cd40bc`
SHA1	`8bb51c4e7e966047a3e40b5ebe39ac62b59321d3`
SHA256	`910d2a79383355b06d6e42ea4502b56eac78723e4bf27947bde932d61e68087e`
SHA3	`fb7cee68d95375ebfb6a9233aec153962210f72b1fd1b01f8665d378529e008a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75044`
MD5	`9db60012d2b73978182b02527d99d045`
SHA1	`4ac2035db116058bbddfc3535ac905b9c9c842fa`
SHA256	`52e79d7f7e4834c0e7129beb59b896f50f40f1151bd36ddc423537115c94e4b0`
SHA3	`c4682565ae577bb7281c0edf3e01d781669e1238b0f4683696ac908bf48b22f1`

200

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43993`
MD5	`97199ef3286b6525affbdb925312c4fc`
SHA1	`b55ec4f450ba5f937c6cb89f989a6d19ac558c2d`
SHA256	`1ba4a698995b4aac04d2597dffa6dc39e620290d6597c13ae1bf89f6cfffe038`
SHA3	`6a6b9a9eb2ee01673b55e08e278adcb55e8f2a9d33f09807054e23831be912b7`

201

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x222`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47629`
MD5	`75b440769e098f871b4fdf101bb3ca3f`
SHA1	`1758d7aa8b7525a9b1766594d211123d78f983af`
SHA256	`7e0933107834d1e8562dedf0ebdd9290634338ec163ed4defc36b066e668aa1d`
SHA3	`2abde69868ce3d65bd3cb677fd90b2fd9bc0f5f829e21753700d2b042821f9af`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35567`
MD5	`28558458e783c14c55261dbc65135af8`
SHA1	`95dd259b5d00467b008e945356e09e3520540389`
SHA256	`b5f713e2a1fc4a4800edfae19feeb5d69dee4fe77b028f3d63b61e3397c49af8`
SHA3	`65c1d19ddbf47cf416681291cf4398692ca7037a26c4129111a170a5397dcbcf`

207

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05657`
MD5	`c39216f45325c57535b003ca265f35f7`
SHA1	`0a9db06b13d6ed68eab7fa152bb7060bf901e1bc`
SHA256	`6208f3f820931ce715fcff3dc89a774926b23929f13c34c82d4a16bee29f271d`
SHA3	`738b5005f21f233cef1c9b5a0ad913ddd544fbf13ffefb6725ec12fc3b21e152`

3126

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x52c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1958`
MD5	`744f0994be2c933df923924838530651`
SHA1	`f117aa6da33a59f05101e4aadf1af1a35a8dcc8c`
SHA256	`160e18089acd404848493469ae680ee2732b59efe8a0996e650b80915c9fbe97`
SHA3	`850212c4879a83b55fd399391ad901cab4d8b05410e4843640915f2f324d8aa6`

3127

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92865`
MD5	`e9d3a293b67996512ba9155700cb9c98`
SHA1	`cca3c8a5eec2dd8f545ef01fd0394d594f7e2a3c`
SHA256	`9b20b036f6e1add8cb88b5f962b1e000b1cfb81c30cf0154c1a63cd1440d8aa0`
SHA3	`d749841d66ded5e6d21b515e64e79a04460d024ee0a223ec98a5f0e1d7b573e9`

204

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95638`
MD5	`575ade9d8dbff04859fe45fce56812a9`
SHA1	`2e267ef7c4ee67859cf2707c21d34c08778eb89d`
SHA256	`e867d776bfec44fbb516b47322b3c99617c76be0db90c3232669cc1fd5ba1e6d`
SHA3	`1d8d8945470f68babf4d9911bc4bed4b35ecae588305d4aa4d8aa9291c212cf3`

202

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`ce9c092856a8bcd1503927da430e18e7`
SHA1	`8eecabfe2727710867c6b7223b32f490b1caf133`
SHA256	`483aa261cce96256ff045257f2834d1cc43b6194f5d30533c0f18776aa7367f2`
SHA3	`203afac5a8b0c87581e30850450c0d112d2c7172b934b0bb67b442dd0f8a918e`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

Enters or exits chat mode, allowing you to communicate with the remote user.
Causes any keys or commands from the remote user to be ignored.
Reserves the system for the sysop after this user logs off (if supported by BBS).
Hangs up the modem and exits the door.
Increases the user's time remaining by one minute.
Increases the user's time remaining by five minutes.
Decreases the user's time remaining by one minute.
Decreases the user's time remaining by five minutes.
Enables the timer that will log off the user after a long period of no activity.
Displays program information and copyright.
Shows or hides the toolbar.
Exits the door without hanging up.
Hangs up the modem, denying any further access to the user (if supported by BBS).
Shows or hides the status bar.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-18 20:51:34
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0xcb70`
PointerToRawData	`0xb770`
Referenced File	C:\Users\craig\source\repos\uMRC\Release\umrc-client.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-18 20:51:34
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xcbc4`
PointerToRawData	`0xb7c4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-18 20:51:34
Version	`0.0`
SizeofData	`620`
AddressOfRawData	`0xcbd8`
PointerToRawData	`0xb7d8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-18 20:51:34
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40e000`
SEHandlerTable	`0x40cb00`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x47df2914`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
Imports (35207)	`2`
ASM objects (35207)	`2`
C objects (35207)	`12`
C++ objects (35207)	`20`
Imports (33145)	`6`
Imports (35222)	`3`
Total imports	`120`
C objects (LTCG) (35225)	`3`
Resource objects (35225)	`1`
151	`1`
Linker (35225)	`1`

Errors

Leave a comment

No comments yet.