gcleaner | 3596-122-0x0000000000400000-0x0000000000C6D000-memory[.]dmp | Triage

Sharing

General

Target

3596-122-0x0000000000400000-0x0000000000C6D000-memory.dmp
Size

8.4MB
MD5

c9d9cd1a8c1609db2f0872c44221f17a
SHA1

405fa977bcdea66078f42191d0ecb090af75e5a4
SHA256

0144ec206c46b15c98137c14fe46557f4947ab221196bf0e8f949122ef2fed75
SHA512

74a5d9ef1622f305ef5d985727eaaf925030d70e41124a64fa935f8f14c11817328b1fa93f6f1acda5282640dd2108b885aee57b069ec5d13e1bea21a692eb23
SSDEEP

98304:vjil4OkHZ6tax7s9UlSfwybFOUymBOMIKNuIsbaAX:f6WlS4wFrbhA

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3596-122-0x0000000000400000-0x0000000000C6D000-memory.dmp

Files

3596-122-0x0000000000400000-0x0000000000C6D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ