gcleaner | 864-7-0x0000000000400000-0x0000000000C6A000-memory[.]dmp | Triage

Sharing

General

Target

864-7-0x0000000000400000-0x0000000000C6A000-memory.dmp
Size

8.4MB
MD5

c0a76e4f550aa851c952ec05e7e0fcc6
SHA1

f04dac6fd0f58760e36956e03cf5854c790917d6
SHA256

6378c359d07acc20d3ef27023ed77a1fba03def70c158c429c16f058c7b0c2b6
SHA512

17bd03b24dbec4d575fbc31c112a83781645b31896c16347a5f9aa0386530f00ad30e2b880d5477c7bf67434e34b7a3a2792d5f30f66034b556c89ff48904eea
SSDEEP

98304:mcAJbRv/t4jH+ZGkPnC+Wfv1oezwFLGrZWTVqHub0hg:WQUC7ftAarZWJqHo0hg

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
864-7-0x0000000000400000-0x0000000000C6A000-memory.dmp

Files

864-7-0x0000000000400000-0x0000000000C6A000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ