gcleaner | JaffaCakes118_eb02f498ddcfad957edc9c4508134e7b0d5dbf84e417aba23627b4de6bebe4d6 | Triage

Sharing

General

Target

JaffaCakes118_eb02f498ddcfad957edc9c4508134e7b0d5dbf84e417aba23627b4de6bebe4d6
Size

696KB
MD5

50673352d93f31d059dbfebf1d9f71d2
SHA1

3b35b502eeb66d7b7c82d9fc2e6c72cbd99efde9
SHA256

eb02f498ddcfad957edc9c4508134e7b0d5dbf84e417aba23627b4de6bebe4d6
SHA512

da01a55cf51fd5ab9bff8a3174b142bd61c077960d4ac9d5cb7d116c6b9d9de448a50b4f9c02a6f2334c1bdd0635d5e48547958fe5651fb0c1987f9da4a0822e
SSDEEP

12288:NnSydk6WJJChUHB/1mYmflNgjK3iJCmVunnoxVeS:dKUIjynmWox9

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

208.67.104.97

85.31.46.167

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_eb02f498ddcfad957edc9c4508134e7b0d5dbf84e417aba23627b4de6bebe4d6

Files

JaffaCakes118_eb02f498ddcfad957edc9c4508134e7b0d5dbf84e417aba23627b4de6bebe4d6
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ