gcleaner | 4920-142-0x0000000000360000-0x000000000038F000-memory[.]dmp | Triage

Sharing

General

Target

4920-142-0x0000000000360000-0x000000000038F000-memory.dmp
Size

188KB
MD5

7a56068fd09ef1041a7062d7fafc6da2
SHA1

5ca04ccef7c564d61e320d34c5f02c6f21abb18b
SHA256

0dd5b327b0265d4367553d6bdf3c2d970682a2efaf2de8b5254d9f273b40ad4b
SHA512

7fb632a476179e9e9953e3612dc30997e95e61852ea6f04f15145ab8c34527da7f3b5f9eca8850410a24f211f3a21079d3bd47325b178a106b814fa9902c713a
SSDEEP

3072:Atv6y2ps37So0V7b6ofOs4ApGaUdz9f6pAL/glPFPLSBq7NfENHyxe2DlmCR9bqY:Kiy2a3T0V7b6ofOs4ApGaUdz9f6pAL/K

Score

10^/10

gcleaner

Malware Config

Signatures

Gcleaner family
gcleaner

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4920-142-0x0000000000360000-0x000000000038F000-memory.dmp

Files

4920-142-0x0000000000360000-0x000000000038F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ