gcleaner | 388-8-0x0000000000400000-0x0000000000C67000-memory[.]dmp | Triage

Sharing

General

Target

388-8-0x0000000000400000-0x0000000000C67000-memory.dmp
Size

8.4MB
MD5

2babd51d7f86fc24402a5ebbc96ca680
SHA1

49ac6847dc96b057336f3c68d3cc0d3a2c706838
SHA256

a8e234a5d57ccdbdda0f3a7319c5ea4de5fbb8c55c247b6f5fa9a7bf4b755aa1
SHA512

67477c3252efd20f2bc825834b6ca7a362522bc1a73c68d3aa15c560239d4a153f2560e5aceb3f8cf1247246bd54e4b49a3aeab5c96dad9b49cea56daa1cee5c
SSDEEP

98304:vjilfFHdchs1hpHHKF3VMVFRvEfKk+jHKKmF:sdAsluKPeV+jHK

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
388-8-0x0000000000400000-0x0000000000C67000-memory.dmp

Files

388-8-0x0000000000400000-0x0000000000C67000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ