SHA256: b0c2bce753bb54fb213ac4d969469c7614308f4961ce3df8823f7b6c7d236d25
File name: STUDENT_MONE.EXE
Detection ratio: 2 / 68
Analysis date: 2018-10-27 00:52:43 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
VBA32 Trojan.Downloader 20181026
Zillya Trojan.GenericKD.Win32.86495 20181026
Ad-Aware 20181027
AegisLab 20181027
AhnLab-V3 20181026
Alibaba 20180921
ALYac 20181026
Antiy-AVL 20181026
Arcabit 20181027
Avast 20181026
Avast-Mobile 20181026
AVG 20181026
Avira (no cloud) 20181026
Babable 20180918
Baidu 20181026
BitDefender 20181026
Bkav 20181025
CAT-QuickHeal 20181026
ClamAV 20181026
CMC 20181026
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181027
Cyren 20181026
DrWeb 20181027
eGambit 20181027
Emsisoft 20181027
Endgame 20180730
ESET-NOD32 20181026
F-Prot 20181027
F-Secure 20181026
Fortinet 20181026
GData 20181027
Ikarus 20181026
Sophos ML 20180717
Jiangmin 20181026
K7AntiVirus 20181026
K7GW 20181025
Kaspersky 20181026
Kingsoft 20181027
Malwarebytes 20181027
MAX 20181027
McAfee 20181026
McAfee-GW-Edition 20181027
Microsoft 20181026
eScan 20181026
NANO-Antivirus 20181026
Palo Alto Networks (Known Signatures) 20181027
Panda 20181026
Qihoo-360 20181027
Rising 20181026
SentinelOne (Static ML) 20181011
Sophos AV 20181026
SUPERAntiSpyware 20181022
Symantec 20181026
Symantec Mobile Insight 20181026
TACHYON 20181027
Tencent 20181027
TheHacker 20181025
TotalDefense 20181026
TrendMicro 20181026
TrendMicro-HouseCall 20181027
Trustlook 20181027
VIPRE 20181026
ViRobot 20181026
Webroot 20181027
Yandex 20181026
ZoneAlarm by Check Point 20181026
Zoner 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 10:58 AM 12/13/2018
Signers
[+] DynEd International, Inc.
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 1/12/2017
Valid to 12:59 AM 2/2/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5D9A4D2DEA5A1E3D9D9B35FF5F213DA02CDD6B00
Serial number 57 07 86 07 78 F0 CF CB 49 E4 24 7F ED E0 01 3F
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-05 15:28:26
Entry Point 0x0000CD94
Number of sections 5
PE sections
Overlays
MD5 3347db6949cba87f01b0c66bb40e8194
File type data
Offset 17199104
Size 4480
Entropy 7.46
PE imports
GetDeviceCaps
CreateDCA
DeleteDC
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
SetTextAlign
ExtTextOutA
DeleteObject
SetBkColor
GetBkColor
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
GetEnvironmentVariableA
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
GetVolumeInformationA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
_lclose
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
_lread
GetProcessHeap
FindFirstFileA
CreateFileMappingA
FindNextFileA
GlobalMemoryStatus
GetProcAddress
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
CreateProcessA
UnmapViewOfFile
VirtualFree
GetLongPathNameA
Sleep
VirtualAlloc
Number of PE resources by type
RT_ICON 13
RT_STRING 7
RT_DIALOG 2
RT_MANIFEST 1
WZ_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:05 16:28:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86016
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xcd94
InitializedDataSize 339968
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5523afbfb3ba413c0c39b75d7dd53452
SHA1 638d02af8ebf911f06b9913d637110e226edec5f
SHA256 b0c2bce753bb54fb213ac4d969469c7614308f4961ce3df8823f7b6c7d236d25
ssdeep 393216:6Is7EM0abJyJtwVjDgvrSROcbjYaiSISY0xmgtFjIE:hirI7akWRH3dG00gHt
authentihash b7a87d814965452db4ee40d9b9ced4cb359a5156acf6ccbd67434b43584a3d26
imphash cc000e0a56358759c95f653af1246259
File size 16.4 MB ( 17203584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Winzip Win32 self-extracting archive (generic) (68.5%)
Win32 Executable (generic) (13.4%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2018-08-30 19:53:18 UTC ( 3 months, 2 weeks ago )
Last submission 2018-12-13 10:52:28 UTC ( 3 days, 13 hours ago )
File names STUDENT_MONE.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Opened mutexes
Runtime DLLs