gcleaner | e251796ce152f66c3744cdea70c47215a0612e32de1025bc70b002e4e4ae430b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e251796ce152f66c3744cdea70c47215a0612e32de1025bc70b002e4e4ae430b
Size

188KB
MD5

eaa1a57fc59bc17927c1f652f5ffab5f
SHA1

a2b7ae27d84352262efd904ece1074086a0c9e98
SHA256

e251796ce152f66c3744cdea70c47215a0612e32de1025bc70b002e4e4ae430b
SHA512

e5a202fd4c0f81f9acff2015e734f7ca0679535f29abf23b11bf40e2723c5e4347d45b0704cd1e68100b4143ec7816d4ed9e046de62a17ce41053192d7c01c5b
SSDEEP

3072:5N7iMf3nwVQywGvFt3II7A1lJJyjGbhCI6kiNqzua+8OqtOAg0Fuj0BrpqZaD:5N7iMfXwVQibIa6bTCIbiN9pAOcqZaD

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e251796ce152f66c3744cdea70c47215a0612e32de1025bc70b002e4e4ae430b

Files

e251796ce152f66c3744cdea70c47215a0612e32de1025bc70b002e4e4ae430b
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ