gcleaner | 2160-6-0x0000000000400000-0x0000000000C77000-memory[.]dmp | Triage

Sharing

General

Target

2160-6-0x0000000000400000-0x0000000000C77000-memory.dmp
Size

8.5MB
MD5

7ad3d6c636f60029e2b63efc809fbe04
SHA1

e0aad767201782645846321b4b02effb827d94f2
SHA256

7b6f5309baac3198f4aed8a7494d9e00bb055e175125e2985aa2733d7d7cef68
SHA512

1170dadab1fe2096f4816171492adef8e99d7e7ba5c82faee232e2e7594ec146c0fe085c663a52a33dded7839539c3ad7a5bd6d03fb32b0ffca7d7903ca37cce
SSDEEP

49152:vjilqVlSCHtJ/F0qnwPZHYuuenBHlkN/GVDdj5cpzcag+UXYvieQVq:vjil4QCHtJ9y4CnY/oDdj5cpzlg+UXb

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2160-6-0x0000000000400000-0x0000000000C77000-memory.dmp

Files

2160-6-0x0000000000400000-0x0000000000C77000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ