gcleaner | 2120-7-0x0000000000400000-0x0000000000C5C000-memory[.]dmp | Triage

Sharing

General

Target

2120-7-0x0000000000400000-0x0000000000C5C000-memory.dmp
Size

8.4MB
MD5

d6080cc25354a052ab183ea1378241fc
SHA1

68cc07a4684d87e749c47e5c1f30675b7be9d8e5
SHA256

60f844ba03a763c35898830ea33b8872b0ae7356a55c4bc04ed4ddf966b1bc7f
SHA512

e63e883d075a926763e6045c1fcbbbe3b0fb389dd540455cc1ecbc84a1b21ea69cc3a7ee9b1a4294d1887eb7745c44f28d5c78f62250f7a316023a7c2eaa3e38
SSDEEP

98304:mcX+95UlzRgkPlZGb/kzebfdmorN50lopua:y6PlZGb/e6fkoxdpua

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2120-7-0x0000000000400000-0x0000000000C5C000-memory.dmp

Files

2120-7-0x0000000000400000-0x0000000000C5C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ