gcleaner | 5448-1058-0x0000000000400000-0x0000000000C6D000-memory[.]dmp | Triage

Sharing

General

Target

5448-1058-0x0000000000400000-0x0000000000C6D000-memory.dmp
Size

8.4MB
MD5

ada31b81162b32363afd12392e100ecf
SHA1

359d27f275764c9558f80d9b740a0608dfd8843f
SHA256

3f2250cde8c064d3405613357a4ebf8e8ddada5347dddfd5fe20a91fbc58a63a
SHA512

2d4bcec2057048876e2b4cd2459a440a0a85183e5e157cc901a7f50f5e74a08088a1655acb9d2e4184f722bcc927990848705706ff83a1bdfc25eb4479ec6ee0
SSDEEP

98304:vjilgOkHZ6tax7sIBV7vK3UFOUymBOMIKNuIsbaAX:f68V7yEFrbhA

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5448-1058-0x0000000000400000-0x0000000000C6D000-memory.dmp

Files

5448-1058-0x0000000000400000-0x0000000000C6D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ