Static task: static1
Behavioral task: behavioral1 (Sample: grubinst.exe, Resource: win7-20231129-en)
Behavioral task: behavioral2 (Sample: grubinst.exe, Resource: win10v2004-20240319-en)
General
Target: grubinst.exe.1
Size: 60KB
MD5: 3158819b990a49fc563e61c549a86628
SHA1: 1a11f817dddc06dabe9db3d12eaf5e391ed898ee
SHA256: 515b56b3aac6cc65187cf833608192df11d4f7d9056d8aea6158c35dcaf4893c
SHA512: 9d243f04796701316120247381b73083389b8b2f6d21e3b6104bcd3d882386e9e24cfb4724d42ffd28acd29c9a72bbf4151b40a0a2ed9b89e50848e573f39459
SSDEEP: 768:TqSS34TKkc/RnHl61kGbTkUXwh955cvDsfIahRdkfOhhwzFbIU7ioYKkmvktOiqT:T7ZOkSZFcb/XwJ5c7cIapCBotQHB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: grubinst.exe.1
Files
grubinst.exe.1.exe windows:4 windows x86 arch:x86
b338d01052cdf5b613512746cbe05ed6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
_close
_lseek
_open
_read
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_lseeki64
_onexit
_setmode
atexit
fflush
fgetc
fprintf
fputs
free
malloc
memcpy
memset
perror
signal
sprintf
strchr
strcmp
strcpy
strlen
strncmp
strtol
strtoul
kernel32
ExitProcess
SetUnhandledExceptionFilter
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 928B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE