gcleaner | 5704-1022-0x0000000000400000-0x0000000000C78000-memory[.]dmp | Triage

Sharing

General

Target

5704-1022-0x0000000000400000-0x0000000000C78000-memory.dmp
Size

8.5MB
MD5

69e620ee5db9a95233433d044cf53949
SHA1

114899b1fe3caa4c3c34c927fe6815e313bc3ed3
SHA256

363eca88d0a72a54461fffecae7bf5daf6b7577a584c544010add94a7906ba62
SHA512

c5e2ea9abea86c6e1f8611f859e16e0b8e29f1b72df6eef5639efb22ee2c7a477942c2e9a90e1fae0d9be4752c259fd82af20befcef4de256a1807dfcf57719f
SSDEEP

98304:8m+lhQumtcBm5pkBENNnPmCg8teX9Y5NoeozAts2GfJJ0KK:ZnPSQeX9Y5NxbtbyJ0/

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5704-1022-0x0000000000400000-0x0000000000C78000-memory.dmp

Files

5704-1022-0x0000000000400000-0x0000000000C78000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ