gcleaner | 1708-104-0x0000000000400000-0x0000000001527000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1708-104-0x0000000000400000-0x0000000001527000-memory.dmp
Size

17.2MB
MD5

474a353fcef62bd6f590854d0ce46a4c
SHA1

5fc3b067f153385c3a7f8ffa9765c21a6f607a55
SHA256

3a494f46d7605c5d48266957f711f70f22c5fc0e82ba16db792cc3e7a9aeda54
SHA512

a535e4ea496e529b48a5dd605a218ab81d7709e149b080da98f8f7fd0b56e9d8fdd5c1a1fe197acba0c27ee101c2e2d5adc34072bc9629bb26f5e0108c19d0d2
SSDEEP

12288:msYSsp5R3j0Tj4XaW4I7NM0B9a0VyZLOSfmiTG:S3JNBKgSOt

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Attributes

url_path
/default/puk.php

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1708-104-0x0000000000400000-0x0000000001527000-memory.dmp

Files

1708-104-0x0000000000400000-0x0000000001527000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ