Gcsoft_Server[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gcsoft_Server.exe
Size

249KB
MD5

10cc3fb2836dfa6968d6de58d435aae0
SHA1

33461d8d1330f38018a9a7dfc43d7edfd7976e56
SHA256

3145940812829e5f2c99d705e50f223c12ab15f44b207f996dc689c87f1d6297
SHA512

fb8ae94a789961122e3d2f12096fbaf0a16485e6f39fa9adb211e185dfeb5757b53de67e3483d011ddbd665d00edf00f18f292dab66dcb8e2b0e016fba3f5305
SSDEEP

6144:uXc1/qArLuEXf7SbXf794T0qSXWL0L0LoLcLVLsL:R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Gcsoft_Server.exe

Files

Gcsoft_Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Code_C#\济宁晟华ERP(企业微信)\HTruck2023_ERPServer\obj\x86\Debug\Gcsoft_Server.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ