PDB path: C:\work8g\ls-onprem\Windows\student\Release\student.pdb
Static task: static1
Behavioral task: behavioral1
Sample: student.exe
Resource: win7-20231215-en
General
Target: student.exe
Size: 5.1MB
MD5: 8748891eb1584c4502a15577d3075d41
SHA1: e0304bd87d1e7516ca6f49d8896fa8498b830ab5
SHA256: f2167589cc58e0bbb31100da792d13a9bcb8e98e511aa2405e896223a11ddabd
SHA512: a2c46761b31050f319f55d6e2de35ee59f22d427e9edf2f7a7061922aeafde44b56cdc6165e0523d01f21dacf20013d6eb10ce1b4627134b6d8e866de9169024
SSDEEP: 98304:Rx9iA5FR7kozLG5k4iugdOsmX6Xpcvy3r3MKpeGVxG06Puy+1M:Rx935FJfzLjunX6XpmGVwyy+G
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: student.exe
Files
student.exe.exe  windows:5 windows x86 arch:x86  9b9d4341ff88b7ef8f855fcbedd17842
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
httpapi
HttpInitialize
HttpAddUrl
HttpRemoveUrl
HttpTerminate
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpSendResponseEntityBody
HttpCreateHttpHandle
winmm
mixerGetLineControlsA
mixerSetControlDetails
waveInReset
waveInStop
waveInOpen
waveInClose
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader
waveOutReset
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
mixerGetLineInfoA
mixerClose
mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
mixerGetControlDetailsA
PlaySoundA
waveInStart
setupapi
SetupDiOpenClassRegKey
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiClassGuidsFromNameExA
SetupDiGetClassDevsExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoListExA
SetupDiOpenDeviceInfoA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
mpr
WNetGetUserA
comctl32
ImageList_Add
ImageList_GetIcon
_TrackMouseEvent
ImageList_Create
wininet
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpEndRequestA
InternetCloseHandle
HttpQueryInfoA
InternetCanonicalizeUrlA
HttpAddRequestHeadersA
InternetErrorDlg
wtsapi32
WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA
gdiplus
GdipDeleteGraphics
GdipMeasureString
GdipCreateImageAttributes
GdipGetImageHeight
GdipLoadImageFromFileICM
GdipDrawImageRectI
GdipGraphicsClear
GdipDrawImagePointRectI
GdipSetTextRenderingHint
GdipSetImageAttributesColorKeys
GdipDrawImagePointsRectI
GdipCreateBitmapFromGdiDib
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageEncoders
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipCreateBitmapFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFillRectangle
GdipDrawRectangle
GdipDeletePen
GdipCreatePen1
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipBitmapSetResolution
GdipSaveImageToStream
GdipDisposeImageAttributes
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImageThumbnail
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetImageGraphicsContext
GdipSetCompositingMode
GdipDrawImageI
GdipGetImageEncodersSize
msi
ord8
ord71
ord93
psapi
GetProcessImageFileNameA
GetModuleFileNameExA
iphlpapi
GetBestInterface
GetIpAddrTable
ws2_32
gethostbyname
connect
sendto
recvfrom
inet_ntoa
inet_addr
setsockopt
send
recv
accept
getsockname
listen
bind
htons
htonl
ioctlsocket
WSAGetLastError
socket
closesocket
getsockopt
getaddrinfo
getnameinfo
freeaddrinfo
WSASetLastError
WSAStartup
WSACleanup
gethostname
ntohs
crypt32
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
kernel32
GetACP
GetOEMCP
IsValidCodePage
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
FindFirstFileExA
ExitProcess
SetConsoleCtrlHandler
RtlUnwind
LCMapStringW
CompareStringW
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
IsProcessorFeaturePresent
SetStdHandle
GetConsoleCP
SetHandleCount
FatalAppExitA
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GetCPInfo
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetStdHandle
GetFileType
GetModuleHandleW
FindFirstFileW
FindNextFileW
CreateFiber
GetDateFormatA
DeleteFiber
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetModuleHandleExW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
GetFileAttributesExA
CompareFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyA
GetVersion
LocalUnlock
LocalLock
LoadLibraryExA
GetEnvironmentVariableA
MulDiv
ResumeThread
ReadConsoleW
ExitThread
OpenEventA
SetThreadPriority
SearchPathA
WTSGetActiveConsoleSessionId
SetCurrentDirectoryA
GetCurrentDirectoryA
GetShortPathNameA
GetTempFileNameA
SetFilePointerEx
SetErrorMode
ExpandEnvironmentStringsA
QueryPerformanceFrequency
WinExec
ProcessIdToSessionId
VerifyVersionInfoA
VerSetConditionMask
VirtualAlloc
VirtualFree
GetComputerNameA
GetPrivateProfileIntA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
QueryDosDeviceA
GetTimeFormatA
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
lstrlenW
InterlockedExchange
SwitchToFiber
RaiseException
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GetCurrentThread
GetCurrentProcess
CloseHandle
OutputDebugStringA
Sleep
lstrcatA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetTickCount
SetThreadExecutionState
WaitForSingleObject
InterlockedDecrement
ResetEvent
InterlockedIncrement
CreateThread
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
GetVolumeInformationA
SizeofResource
LockResource
GetVersionExA
QueryPerformanceCounter
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetEnvironmentStrings
GetSystemInfo
GetCurrentThreadId
GetCurrentProcessId
SetFileAttributesA
GetModuleHandleA
CreateDirectoryA
HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
GetFileSize
ReadFile
GetSystemTime
SystemTimeToFileTime
FindResourceA
GetFileAttributesA
FindFirstChangeNotificationA
WaitForMultipleObjects
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileA
FindNextFileA
FindClose
WriteFile
GetProcessTimes
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
FormatMessageA
LoadLibraryW
FormatMessageW
GetVersionExW
HeapDestroy
HeapCreate
HeapValidate
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
GetTempPathA
LocalFree
AreFileApisANSI
DeleteFileA
OpenProcess
GetExitCodeProcess
GetLocalTime
WritePrivateProfileStringA
CreateProcessA
GetPrivateProfileStringA
ReadDirectoryChangesW
CancelIo
GetWindowsDirectoryA
GetSystemDirectoryA
SetLastError
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetExitCodeThread
DeviceIoControl
GetDriveTypeA
lstrlenA
ReleaseMutex
CreateMutexA
ReadProcessMemory
GetModuleFileNameA
GetLocaleInfoA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
LocalAlloc
WriteProcessMemory
SetUnhandledExceptionFilter
gdi32
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetDIBits
BitBlt
GetObjectA
GetBitmapBits
GetDIBits
CreateSolidBrush
SetTextColor
SetBkColor
GetTextMetricsA
GetTextFaceA
CreateFontIndirectA
GetDeviceCaps
CombineRgn
CreateDIBSection
SetBkMode
GetRegionData
GetCurrentObject
GetPixel
GetStockObject
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
SetDIBitsToDevice
PatBlt
GetTextExtentPoint32A
CreateBrushIndirect
StretchBlt
ExtTextOutA
DPtoLP
UnrealizeObject
GetBkColor
CreatePatternBrush
CreatePen
Polygon
DeleteObject
DeleteDC
ExtEscape
CreateDCA
CreateRectRgn
winspool.drv
ClosePrinter
GetPrinterA
EnumJobsA
SetPrinterA
OpenPrinterA
EnumPrintersA
ole32
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
oleaut32
GetErrorInfo
VariantInit
SetErrorInfo
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
CreateErrorInfo
VariantClear
shlwapi
ord12
PathCombineA
bcrypt
BCryptGenRandom
Sections
.text   Size: 3.2MB - Virtual size: 3.2MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 685KB - Virtual size: 685KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 37KB  - Virtual size: 2.7MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.0MB - Virtual size: 1.0MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 161KB - Virtual size: 161KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ