gcleaner | 2688-141-0x0000000000400000-0x0000000000C6D000-memory[.]dmp | Triage

Sharing

General

Target

2688-141-0x0000000000400000-0x0000000000C6D000-memory.dmp
Size

8.4MB
MD5

16739c516a28cc475e479b8fc01d33da
SHA1

64f81fab653fef15adb37496b2863500e135bc22
SHA256

af2fa80414a0ff980fa170c3a98ce7c59ed4d240aa57fdbc9d0cbbaf44bbcf1e
SHA512

b1541a3724563775527a32097d59f7a42a4d015cb7227141b7f1a410df834a115578f684a6bd9e10ad741f1a22153a39f861af6a0ed3c52d234bcf68ae11336f
SSDEEP

98304:vjilpOkHZ6tax7sOJzFNAe/FOUymBOMIKNuIsbaAX:i62zFmkFrbhA

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2688-141-0x0000000000400000-0x0000000000C6D000-memory.dmp

Files

2688-141-0x0000000000400000-0x0000000000C6D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ