gcleaner | 2124-7-0x0000000000400000-0x0000000000C54000-memory[.]dmp | Triage

Sharing

General

Target

2124-7-0x0000000000400000-0x0000000000C54000-memory.dmp
Size

8.3MB
MD5

a2583ec973738073f38cdc1ca3b105bc
SHA1

0003eac13b95eef7549036d24b010db9affb7367
SHA256

d259f74cdcb5d95769d89ed9d23b03246a99d34f7443987bcd20573bd25894c2
SHA512

082898c66f6b9342301f7d330607fd5c9930d6ab0431798b740963b233c0d9093b0313929a2e5ab52ec9e4bbf0499934e48f87597e9362aa7a225e6e67e6f0f9
SSDEEP

98304:mc+ir/x1vhnpFy5EAYxSbMlEcB7kSdBBhZcqBcDTHiQ:nAQSMl9VLlhhO3

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2124-7-0x0000000000400000-0x0000000000C54000-memory.dmp

Files

2124-7-0x0000000000400000-0x0000000000C54000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ