gcleaner | JaffaCakes118_6c8d4de39939d8cb1b647f3a2a3a9779143d75a9a27b7f004559b487f3501345 | Triage

Sharing

General

Target

JaffaCakes118_6c8d4de39939d8cb1b647f3a2a3a9779143d75a9a27b7f004559b487f3501345
Size

17.6MB
MD5

42a6fb89123f0f4d5ca8a8146fd3b75f
SHA1

1238d10dfc8d881d0b804f856399ee47db9d66f7
SHA256

6c8d4de39939d8cb1b647f3a2a3a9779143d75a9a27b7f004559b487f3501345
SHA512

4a5fbf1655fc6379cf9c238b6e94d061dcdf4c02931fe0a70a79c2d133b886cecadf59c0d5e63367dabbb1b58f9d5c41c6a11692cb1a5ff6886a89bb9b6a1e9f
SSDEEP

12288:sVtFVPSRE53jT9U/whnKZad2WB/m9hYLOSfmiuxG:hHIBoSO8

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6c8d4de39939d8cb1b647f3a2a3a9779143d75a9a27b7f004559b487f3501345

Files

JaffaCakes118_6c8d4de39939d8cb1b647f3a2a3a9779143d75a9a27b7f004559b487f3501345
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ