student[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

student.exe
Size

5.1MB
MD5

f44d6879c25707ac948c9cf50c57c141
SHA1

03fc21c5c16e1b3fde980fabcad70534c5ee8a7c
SHA256

373e387b38714993c214f59ae9cd409b8c88cc8ed75309878fe9fa6682b01707
SHA512

231b7025865d102b7baa88658688ca684f5671d8122bdfb022c9cea7205ac435c631d21161206cf32b6e1801cd7885b42bb9872391ec5197e211442927af4862
SSDEEP

98304:jpUQZ7q3EW38S+LpdFy9t6WkLXMK8njzXwB/d1ky+18A:jplZ7Wt3UuHjzAniy+r

Score

1^/10

Malware Config

Signatures

Files

student.exe
.exe windows:5 windows x86

9b9d4341ff88b7ef8f855fcbedd17842

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:da:c4:89:f6:3f:3d:ea:e9:9b:46:8d:74:b8:45:fa
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

06/04/2022, 00:00

Not After

05/04/2024, 23:59

Subject

CN=Stoneware\, Inc.,O=Stoneware\, Inc.,ST=Indiana,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:38:3d:56:86:d7:21:cd:90:15:e7:2c:5d:2b:6a:15:31:d4:8f:70:2e:43:d5:50:b1:d4:4e:20:b8:d4:29:b5
Signer

Actual PE Digest

ff:38:3d:56:86:d7:21:cd:90:15:e7:2c:5d:2b:6a:15:31:d4:8f:70:2e:43:d5:50:b1:d4:4e:20:b8:d4:29:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

httpapi

HttpInitialize
HttpAddUrl
HttpRemoveUrl
HttpTerminate
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpSendResponseEntityBody
HttpCreateHttpHandle

winmm

mixerGetLineControlsA
mixerSetControlDetails
waveInReset
waveInStop
waveInOpen
waveInClose
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader
waveOutReset
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
mixerGetLineInfoA
mixerClose
mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
mixerGetControlDetailsA
PlaySoundA
waveInStart

setupapi

SetupDiOpenClassRegKey
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiClassGuidsFromNameExA
SetupDiGetClassDevsExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoListExA
SetupDiOpenDeviceInfoA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mpr

WNetGetUserA

comctl32

ImageList_Add
ImageList_GetIcon
_TrackMouseEvent
ImageList_Create

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpEndRequestA
InternetCloseHandle
HttpQueryInfoA
InternetCanonicalizeUrlA
HttpAddRequestHeadersA
InternetErrorDlg

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA

gdiplus

GdipDeleteGraphics
GdipMeasureString
GdipCreateImageAttributes
GdipGetImageHeight
GdipLoadImageFromFileICM
GdipDrawImageRectI
GdipGraphicsClear
GdipDrawImagePointRectI
GdipSetTextRenderingHint
GdipSetImageAttributesColorKeys
GdipDrawImagePointsRectI
GdipCreateBitmapFromGdiDib
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageEncoders
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipCreateBitmapFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFillRectangle
GdipDrawRectangle
GdipDeletePen
GdipCreatePen1
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipBitmapSetResolution
GdipSaveImageToStream
GdipDisposeImageAttributes
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImageThumbnail
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetImageGraphicsContext
GdipSetCompositingMode
GdipDrawImageI
GdipGetImageEncodersSize

msi

ord8
ord71
ord93

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

iphlpapi

GetBestInterface
GetIpAddrTable

ws2_32

gethostbyname
connect
sendto
recvfrom
inet_ntoa
inet_addr
setsockopt
send
recv
accept
getsockname
listen
bind
htons
htonl
ioctlsocket
WSAGetLastError
socket
closesocket
getsockopt
getaddrinfo
getnameinfo
freeaddrinfo
WSASetLastError
WSAStartup
WSACleanup
gethostname
ntohs

crypt32

CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore

kernel32

GetACP
GetOEMCP
IsValidCodePage
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
FindFirstFileExA
ExitProcess
SetConsoleCtrlHandler
RtlUnwind
LCMapStringW
CompareStringW
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
IsProcessorFeaturePresent
SetStdHandle
GetConsoleCP
SetHandleCount
FatalAppExitA
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GetCPInfo
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetStdHandle
GetFileType
GetModuleHandleW
FindFirstFileW
FindNextFileW
CreateFiber
GetDateFormatA
DeleteFiber
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetModuleHandleExW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
GetFileAttributesExA
CompareFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyA
GetVersion
LocalUnlock
LocalLock
LoadLibraryExA
GetEnvironmentVariableA
MulDiv
ResumeThread
ReadConsoleW
ExitThread
OpenEventA
SetThreadPriority
SearchPathA
WTSGetActiveConsoleSessionId
SetCurrentDirectoryA
GetCurrentDirectoryA
GetShortPathNameA
GetTempFileNameA
SetFilePointerEx
SetErrorMode
ExpandEnvironmentStringsA
QueryPerformanceFrequency
WinExec
ProcessIdToSessionId
VerifyVersionInfoA
VerSetConditionMask
VirtualAlloc
VirtualFree
GetComputerNameA
GetPrivateProfileIntA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
QueryDosDeviceA
GetTimeFormatA
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
lstrlenW
InterlockedExchange
SwitchToFiber
RaiseException
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GetCurrentThread
GetCurrentProcess
CloseHandle
OutputDebugStringA
Sleep
lstrcatA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetTickCount
SetThreadExecutionState
WaitForSingleObject
InterlockedDecrement
ResetEvent
InterlockedIncrement
CreateThread
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
GetVolumeInformationA
SizeofResource
LockResource
GetVersionExA
QueryPerformanceCounter
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetEnvironmentStrings
GetSystemInfo
GetCurrentThreadId
GetCurrentProcessId
SetFileAttributesA
GetModuleHandleA
CreateDirectoryA
HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
GetFileSize
ReadFile
GetSystemTime
SystemTimeToFileTime
FindResourceA
GetFileAttributesA
FindFirstChangeNotificationA
WaitForMultipleObjects
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileA
FindNextFileA
FindClose
WriteFile
GetProcessTimes
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
FormatMessageA
LoadLibraryW
FormatMessageW
GetVersionExW
HeapDestroy
HeapCreate
HeapValidate
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
GetTempPathA
LocalFree
AreFileApisANSI
DeleteFileA
OpenProcess
GetExitCodeProcess
GetLocalTime
WritePrivateProfileStringA
CreateProcessA
GetPrivateProfileStringA
ReadDirectoryChangesW
CancelIo
GetWindowsDirectoryA
GetSystemDirectoryA
SetLastError
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetExitCodeThread
DeviceIoControl
GetDriveTypeA
lstrlenA
ReleaseMutex
CreateMutexA
ReadProcessMemory
GetModuleFileNameA
GetLocaleInfoA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
LocalAlloc
WriteProcessMemory
SetUnhandledExceptionFilter

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetDIBits
BitBlt
GetObjectA
GetBitmapBits
GetDIBits
CreateSolidBrush
SetTextColor
SetBkColor
GetTextMetricsA
GetTextFaceA
CreateFontIndirectA
GetDeviceCaps
CombineRgn
CreateDIBSection
SetBkMode
GetRegionData
GetCurrentObject
GetPixel
GetStockObject
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
SetDIBitsToDevice
PatBlt
GetTextExtentPoint32A
CreateBrushIndirect
StretchBlt
ExtTextOutA
DPtoLP
UnrealizeObject
GetBkColor
CreatePatternBrush
CreatePen
Polygon
DeleteObject
DeleteDC
ExtEscape
CreateDCA
CreateRectRgn

winspool.drv

ClosePrinter
GetPrinterA
EnumJobsA
SetPrinterA
OpenPrinterA
EnumPrintersA

ole32

CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
VariantInit
SetErrorInfo
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
CreateErrorInfo
VariantClear

shlwapi

ord12
PathCombineA

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b9d4341ff88b7ef8f855fcbedd17842

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

3d:da:c4:89:f6:3f:3d:ea:e9:9b:46:8d:74:b8:45:faCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

ff:38:3d:56:86:d7:21:cd:90:15:e7:2c:5d:2b:6a:15:31:d4:8f:70:2e:43:d5:50:b1:d4:4e:20:b8:d4:29:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

httpapi

winmm

setupapi

version

mpr

comctl32

wininet

wtsapi32

gdiplus

msi

psapi

iphlpapi

ws2_32

crypt32

kernel32

gdi32

winspool.drv

ole32

oleaut32

shlwapi

bcrypt

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 685KB - Virtual size: 685KB

.data Size: 37KB - Virtual size: 2.7MB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 161KB - Virtual size: 161KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

3d:da:c4:89:f6:3f:3d:ea:e9:9b:46:8d:74:b8:45:fa
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

ff:38:3d:56:86:d7:21:cd:90:15:e7:2c:5d:2b:6a:15:31:d4:8f:70:2e:43:d5:50:b1:d4:4e:20:b8:d4:29:b5
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 685KB - Virtual size: 685KB

.data
Size: 37KB - Virtual size: 2.7MB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 161KB - Virtual size: 161KB