gruel[.]exe | Triage

Resubmissions

11/07/2024, 05:35

240711-f98j1s1fpl 7

04/06/2023, 22:55

230604-2wf4haea68 7

02/10/2022, 09:50

221002-lt5q3saab2 10

Sharing

Copy URL Twitter E-mail

General

Target

gruel.exe
Size

100KB
MD5

b0feccddd78039aed7f1d68dae4d73d3
SHA1

8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
SHA256

5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
SHA512

b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
SSDEEP

1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gruel.exe

Files

gruel.exe
.exe windows:4 windows x86 arch:x86

Password: infected

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord662
ord593
ord594
ord595
ord520
ord631
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord608
ord716
ord534
ProcCallEngine
ord536
ord537
ord570
ord648
ord576
ord685
ord100
ord689
ord610
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ