Student[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Student.exe
Size

492KB
MD5

ece218209eb4f03087c477225b17219a
SHA1

68ed636149de0136c8f7c6fb98d9c886ef9977fb
SHA256

29f3221c918cc2e8861c9ed6507f0e00559f55be0b13db0de44cfff62948a025
SHA512

78486bc1ac38df8c8c5fd14de08a35a5e5e5eb23a111bdd7da7e0a7fdeb6f1faecb0c1f9db55f481beb58179f8a97012cd731d7ca453c7281794d1cd3171707d
SSDEEP

6144:NKTv9xWhJQbG6342OpytjAl4HbamZAa3QcOPWgfF4TL6:cvbWHQan4H+mZpG1STL6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Student.exe

Files

Student.exe
.exe windows:4 windows x86

ea504f4c6f0e300f5f86892144bc11a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
setsockopt
WSAStartup
ioctlsocket
accept
listen
send
recv
recvfrom
sendto
inet_ntoa
bind
inet_addr
gethostbyname
gethostname
closesocket
socket
WSACleanup

winmm

PlaySoundA

setupapi

SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiOpenClassRegKey
SetupDiEnumDeviceInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

UuidCreate

mpr

WNetGetUserA

comctl32

_TrackMouseEvent
ImageList_GetIcon

wininet

InternetCrackUrlA
InternetCloseHandle
HttpEndRequestA
InternetReadFile
InternetOpenA
HttpOpenRequestA
InternetConnectA
HttpSendRequestA

kernel32

VirtualFree
VirtualAlloc
GetComputerNameA
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
CreateProcessA
GetTickCount
SetErrorMode
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
ReadFile
WaitForSingleObject
GetCurrentProcess
TerminateProcess
GetShortPathNameA
GetCurrentDirectoryA
CreateEventA
SetCurrentDirectoryA
CreateThread
GetExitCodeProcess
GetCurrentProcessId
QueryPerformanceFrequency
FindResourceA
LoadResource
LockResource
SizeofResource
SearchPathA
SetThreadPriority
Process32Next
WaitForMultipleObjects
MulDiv
GetVersion
lstrcpyA
LocalLock
LocalAlloc
LocalUnlock
LocalFree
GetSystemTime
SystemTimeToFileTime
CompareFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
VirtualAllocEx
GetExitCodeThread
OpenEventA
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
InterlockedIncrement
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
Process32First
CreateToolhelp32Snapshot
QueryPerformanceCounter
DeviceIoControl
FreeLibrary
GetProcAddress
GetModuleHandleA
GetLocaleInfoA
LoadLibraryA
OpenProcess
GetVersionExA
CloseHandle
WriteFile
CreateFileA
GetLastError
GetCurrentThreadId
ResetEvent
SetEvent
Sleep
OutputDebugStringA
lstrcatA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateDirectoryA
GetFileType
DeleteCriticalSection
ExitProcess
FatalAppExitA
HeapReAlloc
HeapDestroy
HeapCreate
HeapSize
GetConsoleCP
LCMapStringW
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
GetTimeZoneInformation
SetStdHandle
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
GetCurrentThread
SetEnvironmentVariableA

user32

BeginDeferWindowPos
DeferWindowPos
SetScrollRange
SetWindowLongA
EndDeferWindowPos
SetScrollPos
SetClassLongA
IsIconic
SetWindowWord
GetClientRect
SetCapture
EnableMenuItem
IsZoomed
PtInRect
ReleaseCapture
GetSysColor
InflateRect
DrawFrameControl
EnableWindow
IsWindowUnicode
SystemParametersInfoA
SendMessageTimeoutA
RegisterWindowMessageA
EndDialog
DefWindowProcA
EndPaint
PostQuitMessage
TranslateMessage
DrawTextA
IsDialogMessageA
ScrollWindow
TranslateAcceleratorA
GetMessageA
ShowWindow
DrawIcon
MapVirtualKeyA
CreateWindowExA
LoadAcceleratorsA
UpdateWindow
RegisterClassExA
SetForegroundWindow
BeginPaint
LoadIconA
MoveWindow
GetWindowWord
DialogBoxParamA
GetWindowPlacement
ShowCursor
MessageBoxA
mouse_event
MessageBeep
OpenDesktopA
GetActiveWindow
InvalidateRect
keybd_event
ExitWindowsEx
EnumWindows
GetWindowTextA
IsWindowVisible
DrawIconEx
GetClassNameA
GetForegroundWindow
WindowFromPoint
GetWindowLongA
SetRect
DestroyIcon
GetDC
SetCursorPos
GetCursorPos
EnumDisplaySettingsA
ReleaseDC
GetWindowThreadProcessId
FindWindowA
wsprintfA
GetClassLongA
LoadImageA
SetThreadDesktop
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
DispatchMessageA
PeekMessageA
PostThreadMessageA
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
wvsprintfA
UnregisterClassA
RegisterClassA
GetScrollRange
TrackPopupMenu
LoadCursorA
GetSystemMetrics
GetIconInfo
DestroyCursor
GetDlgItemTextA
SetTimer
KillTimer
CreateDialogParamA
LoadStringA
PostMessageA
DestroyWindow
GetDlgItem
SetFocus
SendDlgItemMessageA
SetDlgItemTextA
GetSystemMenu
ClientToScreen
GetDoubleClickTime
SetCursor
GetWindowDC
SetWindowRgn
LoadBitmapA
RedrawWindow
EnumChildWindows
CharNextA
SendMessageA
IsWindow
GetWindowTextLengthA

gdi32

UnrealizeObject
Polygon
CreateSolidBrush
CreatePen
GetTextExtentPoint32A
GetStockObject
CreatePatternBrush
ExtTextOutA
SetBkColor
GetBkColor
SetBrushOrgEx
SetDIBits
CombineRgn
CreateRectRgn
GetObjectA
CreateFontIndirectA
DPtoLP
PatBlt
SetTextColor
SetBkMode
SetDIBitsToDevice
StretchDIBits
GetDeviceCaps
GetCurrentObject
GetPixel
GetRegionData
BitBlt
DeleteDC
SelectObject
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
ExtEscape

advapi32

OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegRestoreKeyA
StartServiceCtrlDispatcherA
RegNotifyChangeKeyValue
RegSaveKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerA
RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueA
CreateProcessAsUserA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
StartServiceA
ControlService
RegCloseKey
RegSetValueExA
RegCreateKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RevertToSelf
ImpersonateLoggedOnUser
GetUserNameA

shell32

ShellExecuteA
SHGetFileInfoA
Shell_NotifyIconA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea504f4c6f0e300f5f86892144bc11a1

Headers

File Characteristics

Imports

wsock32

winmm

setupapi

version

rpcrt4

mpr

comctl32

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 288KB - Virtual size: 284KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 12KB - Virtual size: 119KB

.rsrc Size: 144KB - Virtual size: 140KB

.text
Size: 288KB - Virtual size: 284KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 12KB - Virtual size: 119KB

.rsrc
Size: 144KB - Virtual size: 140KB