gcleaner | 3052-8-0x0000000000400000-0x0000000000C61000-memory[.]dmp | Triage

Sharing

General

Target

3052-8-0x0000000000400000-0x0000000000C61000-memory.dmp
Size

8.4MB
MD5

4aad9755a04b1a20c896f577f43adcb7
SHA1

c685f9fe5d1a5fd61fa4d37dc0ee0097cd1ef43e
SHA256

f7db7211d77dc18ff8856a6a4967f045fbab7a438f37d43417ebd0d29298ad22
SHA512

f7f8e8038ae68f3505b9dd997e316bb6184acada60cd56dab92ebeeeffc1ebe028f6ee7f74f6fafe3b7398ffa8e8e377a83f5c527f50d563a54a52731c27d528
SSDEEP

49152:mcASD/fEAgAbamffnwqvbr/pgqzdzuR0T1aT+Mbg8QtJcUHIhxTldEPDqMwqlGw:mcZbMDAumffnRPhgm31a3c8iFK6PDqY

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3052-8-0x0000000000400000-0x0000000000C61000-memory.dmp

Files

3052-8-0x0000000000400000-0x0000000000C61000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ