gcleaner | 3040-55-0x0000000000400000-0x00000000005A8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3040-55-0x0000000000400000-0x00000000005A8000-memory.dmp
Size

1.7MB
MD5

37bad7e289f1746d56f0bf763a1cc6c3
SHA1

9c14217c97c3378690acf9a002fb9ece976785a8
SHA256

6ab79f7d7cc232b309604e97db5682679a3c2142eaaf17666ca376b481ad8ff6
SHA512

d530e230cabcb3c907ac6fb7aa24000e179af873197927349002ef8be7bfb5a0e0eddcdd3a30368f85113a48fc53d7ecbfba5d348ffec793f6eb73f86c7bb877
SSDEEP

12288:kIIDnrv0/JgRc1SPe1EUMT4a+5jDa4IQKr:grJ4jeT

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3040-55-0x0000000000400000-0x00000000005A8000-memory.dmp

Files

3040-55-0x0000000000400000-0x00000000005A8000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ