gcleaner | JaffaCakes118_3b877d168f8a4c25d2e5b91b62cffc2ffbceb5c871c8c3edd36ae49f67f17181 | Triage

Sharing

General

Target

JaffaCakes118_3b877d168f8a4c25d2e5b91b62cffc2ffbceb5c871c8c3edd36ae49f67f17181
Size

380KB
MD5

7743a5fb9e1c07ced469d0509d15a699
SHA1

fc3d8f125c0c431df7ea605a049f41680f2516e3
SHA256

3b877d168f8a4c25d2e5b91b62cffc2ffbceb5c871c8c3edd36ae49f67f17181
SHA512

05ea3019ee7faf69a3d37a3bb94de322d70fec92bba30475f4c68321e62289b25335185b350ac1cf28472abeb7f2f0383dcbdcfc3d6cf483de97bd99a79d66b5
SSDEEP

6144:Udt56eh8ITcleMH9SDomjDBvMYos+CmDyZYIMsCIxl0J8k9MAO51gUtuzbgwuaGo:Udt56ehi/H9SDomjDBvMYojCmDu79dgp

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

208.67.104.97

85.31.46.167

Attributes

url_path
....!..../software.php

....!..../software.php

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3b877d168f8a4c25d2e5b91b62cffc2ffbceb5c871c8c3edd36ae49f67f17181

Files

JaffaCakes118_3b877d168f8a4c25d2e5b91b62cffc2ffbceb5c871c8c3edd36ae49f67f17181
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ