gcleaner | 1040-7-0x0000000000400000-0x0000000000C5C000-memory[.]dmp | Triage

Sharing

General

Target

1040-7-0x0000000000400000-0x0000000000C5C000-memory.dmp
Size

8.4MB
MD5

54660ec53bf41d3af27c1b8eb06d435f
SHA1

fb406ca9c433a7cd0b54cde26d6f448bac23e04f
SHA256

2b251f0859b108ca684d53b4addeb1dccca5831516fbc91c6bc9ba4e477d33f0
SHA512

eb6b0037f55f10b5ffa834448a863db274c3817105387e4fb19dc21559e1e0da96354209de514f868e468320e92679cc376cb0af1d9b8ee675f3fa5b3144c1a8
SSDEEP

98304:mcvUaNO0Gfe/eDucNY3LAwUd4SDj7BNcw7:OzyGYbAwuj7BNcw

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1040-7-0x0000000000400000-0x0000000000C5C000-memory.dmp

Files

1040-7-0x0000000000400000-0x0000000000C5C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ