SHA256: c1ef2d78fe6c63bec7b3e582ef25e4ea9b903f72c4904401be31151cb1f71a11
File name: NsR MultiFunction.exe
Detection ratio: 0 / 51
Analysis date: 2014-04-26 11:59:33 UTC (3 years, 1 month ago)
Antivirus Result Update
Ad-Aware 20140426
AegisLab 20140426
Yandex 20140425
AhnLab-V3 20140426
AntiVir 20140426
Antiy-AVL 20140426
Avast 20140426
AVG 20140426
Baidu-International 20140426
BitDefender 20140426
Bkav 20140426
ByteHero 20140426
CAT-QuickHeal 20140426
ClamAV 20140426
CMC 20140424
Commtouch 20140426
Comodo 20140426
DrWeb 20140426
Emsisoft 20140426
ESET-NOD32 20140426
F-Prot 20140426
F-Secure 20140426
Fortinet 20140426
GData 20140426
Ikarus 20140426
Jiangmin 20140426
K7AntiVirus 20140425
K7GW 20140425
Kaspersky 20140426
Kingsoft 20140426
Malwarebytes 20140426
McAfee 20140426
McAfee-GW-Edition 20140425
Microsoft 20140426
eScan 20140426
NANO-Antivirus 20140426
Norman 20140426
nProtect 20140425
Panda 20140426
Qihoo-360 20140426
Rising 20140426
Sophos 20140426
SUPERAntiSpyware 20140426
Symantec 20140426
TheHacker 20140425
TotalDefense 20140426
TrendMicro 20140426
TrendMicro-HouseCall 20140426
VBA32 20140425
VIPRE 20140425
ViRobot 20140426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright JeffArts, NsR MultiFunction © 2014
Publisher JeffArts
Product NsR MF
Original name NsR MultiFunction.exe
Internal name NsR MultiFunction
File version 4.0.3.0
Description NsR MultiFunction Tools
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-14 02:35:58
Entry Point 0x0008474A
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegEnumKeyExA
GetUserNameA
RegDeleteValueA
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
LockServiceDatabase
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
UnlockServiceDatabase
RegQueryInfoKeyA
RegConnectRegistryA
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIconSize
Ord(6)
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
CreatePolygonRgn
GetSystemPaletteEntries
GetTextMetricsA
GetClipBox
GetPixel
GetObjectA
ExcludeClipRect
EnumFontFamiliesExA
DeleteDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
FillRgn
CreateEllipticRgn
CreateDCA
CreateFontA
GetStockObject
GetDIBits
GdiFlush
CreateRoundRectRgn
CreateCompatibleDC
GetTextFaceA
CreateRectRgn
SelectObject
CreateSolidBrush
GetClipRgn
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetPrivateProfileSectionNamesA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
QueryDosDeviceA
MoveFileA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
Beep
CopyFileA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
WritePrivateProfileSectionA
CreateMutexA
SetFilePointer
CreateThread
GetPrivateProfileSectionA
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
GlobalLock
GetProcessHeap
GetFileSizeEx
FindFirstFileA
GetDiskFreeSpaceA
EnumResourceNamesA
CompareStringA
GetComputerNameA
FindNextFileA
GetProcAddress
CreateFileW
IsDebuggerPresent
GetFileType
SetVolumeLabelA
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetStdHandle
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
WritePrivateProfileStringA
FindResourceA
GetTimeFormatA
SafeArrayDestroy
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnaccessData
VariantClear
SysAllocString
GetActiveObject
SafeArrayUnlock
VariantCopy
SysFreeString
SafeArrayLock
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopy
OleLoadPicture
SysStringLen
GetModuleBaseNameA
GetModuleFileNameExA
ExtractIconA
ShellExecuteExA
DragFinish
SHGetFolderPathA
DragQueryPoint
SHBrowseForFolderA
SHGetDesktopFolder
DragQueryFileA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetMalloc
SHFileOperationA
RedrawWindow
GetMessagePos
SetWindowRgn
UnregisterHotKey
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
ScreenToClient
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
IsCharAlphaA
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetKeyState
GetMenu
CreateWindowExA
mouse_event
IsClipboardFormatAvailable
SendMessageA
GetClientRect
SetMenuDefaultItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CountClipboardFormats
GetTopWindow
RegisterHotKey
EnumClipboardFormats
LoadImageA
GetMenuItemCount
GetWindowTextA
CopyImage
DestroyWindow
GetMessageA
GetParent
UpdateWindow
RegisterWindowMessageA
EnumWindows
CheckRadioButton
GetClassInfoExA
ShowWindow
SetMenuInfo
GetDesktopWindow
GetClipboardFormatNameA
EnableWindow
PeekMessageA
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
SystemParametersInfoA
GetIconInfo
SetParent
SetClipboardData
IsCharLowerA
CharLowerA
IsZoomed
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateMenu
GetKeyboardLayout
FlashWindow
GetSysColorBrush
CreateAcceleratorTableA
IsDialogMessageA
MapWindowPoints
MapVirtualKeyA
EmptyClipboard
SetFocus
keybd_event
KillTimer
VkKeyScanExA
DefWindowProcA
ToAsciiEx
SetClipboardViewer
GetClassNameA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
EnumChildWindows
SetWindowLongA
SetKeyboardState
CreatePopupMenu
CheckMenuItem
GetWindowLongA
PtInRect
DrawIconEx
SetTimer
GetDlgItem
BringWindowToTop
SendInput
ClientToScreen
PostMessageW
GetClassLongA
LoadCursorA
GetKeyboardState
SetWindowsHookExA
GetMenuStringA
AttachThreadInput
DestroyAcceleratorTable
CreateIconFromResourceEx
GetMenuItemID
FillRect
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
OpenClipboard
GetCursorPos
DrawTextA
IntersectRect
EndDialog
CreateIconIndirect
FindWindowA
SetWindowTextA
MessageBeep
GetCaretPos
RemoveMenu
GetWindowThreadProcessId
GetQueueStatus
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetCursor
ChangeClipboardChain
AdjustWindowRectEx
LookupIconIdFromDirectoryEx
DialogBoxParamA
GetSysColor
RegisterClassExA
IsCharAlphaNumericA
DestroyIcon
IsWindowVisible
SetRect
InvalidateRect
SendMessageTimeoutA
IsCharUpperA
TranslateAcceleratorA
DefDlgProcA
CallWindowProcA
IsMenu
GetFocus
CloseClipboard
SetMenu
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
waveOutSetVolume
mixerGetDevCapsA
joyGetDevCapsA
mixerOpen
mixerGetLineInfoA
mixerSetControlDetails
mixerClose
mixerGetControlDetailsA
waveOutGetVolume
mixerGetLineControlsA
mciSendStringA
joyGetPosEx
WSAStartup
gethostbyname
gethostname
inet_addr
WSACleanup
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_ICON 10
RT_RCDATA 10
RT_GROUP_ICON 6
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
PE resources
ExifTool file metadata
Copyright Copyright 2012-2014
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.3.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription NsR MultiFunction Tools
CharacterSet Unicode
InitializedDataSize 1327104
EntryPoint 0x8474a
OriginalFileName NsR MultiFunction.exe
MIMEType application/octet-stream
LegalCopyright JeffArts, NsR MultiFunction 2014
FileVersion 4.0.3.0
TimeStamp 2014:02:14 03:35:58+01:00
FileType Win32 EXE
PEType PE32
InternalName NsR MultiFunction
ProductVersion 4.0.0.5
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName JeffArts
CodeSize 593920
ProductName NsR MF
ProductVersionNumber 4.0.0.5
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 782bca948a52ae29ee397757e2f848be
SHA1 c9800a9a9fb4b647be960e5d5745c7f7610f87cf
SHA256 c1ef2d78fe6c63bec7b3e582ef25e4ea9b903f72c4904401be31151cb1f71a11
ssdeep 49152:Z3LyTTNfwaDjjDqSCqqV8J/TTQQgQwYYQQkunnnnvf//4v37jFFq/////fvv33HS:Z3ulfwaDjjDqSCqqV8J/TTQQgQwYYQQB
authentihash a5a06feb91a8d612d96d4131a4992fdca393593387656adfd5ef2b0ba993a473
imphash b3f61f3b5988c9b3549cceea4d79028c
File size 1.8 MB ( 1922048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2014-04-26 06:01:28 UTC ( 3 years, 1 month ago )
Last submission 2015-08-03 00:05:09 UTC ( 1 year, 10 months ago )
File names NsR MultiFunction.exe
NsR MultiFunction
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications