General

  • Target: file.exe
  • Size: 3.0MB
  • Sample: 230216-1dlqlacb75
  • MD5: 00d59755c2498a80e76ab6ebd1dc2152
  • SHA1: 8b4954ba77a24ea0b504c509a3ae95db30eaf95d
  • SHA256: a591b8fc63ea9523af2cdf63a21766c828c6855b8e1e5a8aa601430bcff28117
  • SHA512: 399b47eaf42d1a826b0d81dfc9277ed459379ff8f95a2365f3ec4802e7d409cb210286629f25ddbac4005c68398e56d5b6044c7d76aab0bbbfde061e8146d815
  • SSDEEP: 98304:xT5XoIhVqBAvmtkBnvXOyOMlk5GUiCv2MR:xdX7LGkVvzlIvvjR

Malware Config

Extracted

  • Family: gcleaner
  • C2:
      45.12.253.56
      45.12.253.72
      45.12.253.98
      45.12.253.75

Targets

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks