gcleaner | 2264-3-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2264-3-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

26fc67466fe04bdfe04ec17a798f9557
SHA1

4290d95020b19450a97ea514ac6f2325572b776b
SHA256

1283c9042de48dd0cc038a15479a17b266a0ee8819570f24d3c5faeeebca68a3
SHA512

a063c67733d9300693e11a69c493cb38834168986225478d1e95ed06b36ec3b29d5254c8983c85659574c98cf548c2ecb77e818efe6b1ab847bc305a6829f139
SSDEEP

6144:CsltJl4QHobmrPt6yY/q2pRUi3C0IngUmpD5XocFQkwx+dlrKbx038mmTBMZD4A/:CsltJlrIbmrPt6yY/q2pRUi3C0IngUmR

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2264-3-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2264-3-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ