SHA256: f83c691bdd72889991c6f4bd6d97747324c65bc13176ce65b4c29bef56b471dd
File name: F83C691BDD72889991C6F4BD6D97747324C65BC13176CE65B4C29BEF56B471DD
Detection ratio: 2 / 56
Analysis date: 2017-01-31 20:04:28 UTC ( 2 years ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20161024
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170131
Ad-Aware 20170131
AegisLab 20170131
AhnLab-V3 20170131
Alibaba 20170122
ALYac 20170131
Antiy-AVL 20170131
Arcabit 20170131
Avast 20170131
AVG 20170131
Avira (no cloud) 20170131
AVware 20170131
Baidu 20170125
BitDefender 20170131
CAT-QuickHeal 20170131
ClamAV 20170131
CMC 20170131
Comodo 20170131
Cyren 20170131
DrWeb 20170131
Emsisoft 20170131
ESET-NOD32 20170131
F-Prot 20170131
F-Secure 20170131
Fortinet 20170131
GData 20170131
Ikarus 20170131
Sophos ML 20170111
Jiangmin 20170131
K7AntiVirus 20170131
K7GW 20170131
Kaspersky 20170131
Kingsoft 20170131
Malwarebytes 20170131
McAfee 20170131
McAfee-GW-Edition 20170131
Microsoft 20170131
eScan 20170131
NANO-Antivirus 20170131
nProtect 20170131
Panda 20170131
Rising 20170131
Sophos AV 20170131
SUPERAntiSpyware 20170131
Symantec 20170131
Tencent 20170131
TheHacker 20170129
TotalDefense 20170131
TrendMicro 20170131
TrendMicro-HouseCall 20170131
Trustlook 20170131
VBA32 20170131
VIPRE 20170131
ViRobot 20170131
WhiteArmor 20170123
Yandex 20170131
Zillya 20170131
Zoner 20170131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright All rights reserved. Northglide
Product Multitasked
Original name Multitasked
Internal name Multitasked
File version 8.9.8.5
Description Evaded Technology usage Workgroups Corresponding
Comments Evaded Technology usage Workgroups Corresponding
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-31 19:44:35
Entry Point 0x00005B03
Number of sections 4
PE sections
PE imports
FlatSB_GetScrollRange
FlatSB_GetScrollProp
GetObjectA
CreateDCA
DeleteDC
SelectObject
Ellipse
CreatePen
SetViewportOrgEx
CreateFontIndirectA
CreateSolidBrush
SetTextAlign
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetNetworkParams
GetAdaptersInfo
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
GetLogicalDrives
FreeEnvironmentStringsW
EnumTimeFormatsA
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetTimeZoneInformation
LoadResource
InterlockedDecrement
GetFullPathNameW
SetLastError
TlsGetValue
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
CompareStringW
lstrcpyA
CompareStringA
GlobalLock
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
WNetAddConnection2A
VariantChangeType
VariantClear
VariantInit
RasSetAutodialEnableA
RasGetErrorStringA
RasHangUpA
RasDialA
RasSetSubEntryPropertiesW
RpcNsBindingImportBeginA
RpcNsBindingImportNext
RpcNsBindingImportDone
RpcServerUseProtseqEpA
I_RpcServerSetAddressChangeFn
RpcBindingFree
RpcStringBindingComposeA
RpcMgmtWaitServerListen
RpcBindingFromStringBindingA
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoA
RpcServerListen
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
StrTrimA
StrRetToStrA
EmptyClipboard
RegisterClipboardFormatA
GetParent
UpdateWindow
SetPropA
SetLayeredWindowAttributes
SendInput
CopyIcon
GetIconInfo
TrackMouseEvent
DefWindowProcA
GetDialogBaseUnits
GetPropA
GetClipboardData
GetCursorInfo
SetMenuItemInfoA
MessageBoxA
EnumDisplayDevicesA
GetDC
GetMenuItemInfoA
ReleaseDC
SetWindowTextA
wsprintfA
SetClipboardData
DrawIconEx
FindWindowExA
SendMessageA
GetClientRect
GetDlgItem
InsertMenuItemA
ClientToScreen
GetSubMenu
IsClipboardFormatAvailable
CreateWindowExA
GetMenuStringA
LoadImageA
GetMenuItemCount
CloseClipboard
OpenClipboard
DestroyWindow
EnumPrintersA
GdiplusShutdown
OpenColorProfileA
CoUnmarshalInterface
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoLockObjectExternal
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CoMarshalInterface
OleGetClipboard
CoInitializeEx
OleDuplicateData
CoTaskMemFree
CoGetClassObject
PE exports
Number of PE resources by type
Struct(800) 10
RT_ICON 7
Struct(241) 7
RT_STRING 5
BINDATA 5
PNG 5
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 44
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
All rights reserved. Northglide

SubsystemVersion
5.0

Comments
Evaded Technology usage Workgroups Corresponding

Languages
English

LinkerVersion
9.0

ImageVersion
0.0

ProductName
Multitasked

FileVersionNumber
8.9.8.5

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
313856

PrivateBuild
8.9.8.5

FileTypeExtension
exe

OriginalFileName
Multitasked

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.9.8.5

TimeStamp
2017:01:31 20:44:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Multitasked

ProductVersion
8.9.8.5

FileDescription
Evaded Technology usage Workgroups Corresponding

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
All rights reserved. Northglide

MachineType
Intel 386 or later, and compatibles

CompanyName
Northglide

CodeSize
93184

FileSubtype
0

ProductVersionNumber
8.9.8.5

EntryPoint
0x5b03

ObjectFileType
Executable application

File identification
MD5 d43d682fa21b72c45fac80e0400fdcd6
SHA1 597bc86224dd0e2cf45d9aa2b775b2a54d3ce4fa
SHA256 f83c691bdd72889991c6f4bd6d97747324c65bc13176ce65b4c29bef56b471dd
ssdeep 6144:gF5dMzn4wvWvLowxKFg7jnS3ZrwWcoRweXLJp:6MehxKFg7UyHo3Np
authentihash 8c5f1cd3d9e1e4257fafd999eed4a8fc82cfa3df10df12312e088b51457e8762
imphash 9a155cff835fc006264fde3687be5468
File size 398.5 KB ( 408064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2017-01-31 20:04:28 UTC ( 2 years ago )
Last submission 2018-05-18 04:07:25 UTC ( 9 months ago )
File names Multitasked
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications