gcleaner | 2620-518-0x0000000000400000-0x000000000042F000-memory[.]dmp | Triage

Sharing

General

Target

2620-518-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

39569264c320d5220405327b18a43712
SHA1

1bdbf3e98f5cef2a7461258bc2f7194527d44552
SHA256

b708c70af59aa3d37e9024810c40a49b29e0d3ff0f330f185f895a32a98b336a
SHA512

beffb54a935b90aea24ed3991ce76842814b0ba1be59a4aa97c8e40e6e66bd4712fb160a3e8cf044fef8988aca752f9f2cd8054ef7fb7d688ed6c8faeabe9690
SSDEEP

3072:AY2eRmwdxSmYvbZm6dOiA6V8QAbrrHgXmz/+P3HjTe/wN1fKzzgP4anh2UJfL2Ak:H2imwdjYvbZm6dOiA6V8QAbrrHgXmz/T

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2620-518-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2620-518-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ