Extracted

• • Target

    8a58ec8781e8b2835a2d33a6a4412b4ce0674be037eba31a55c8cefe56c903c1.exe

  • Size

    2.6MB

  • MD5

    bff65ec63e4cc671151742fc54112927

  • SHA1

    c1029b86bb35cb202bb34a75dba3213acddab7b7

  • SHA256

    8a58ec8781e8b2835a2d33a6a4412b4ce0674be037eba31a55c8cefe56c903c1

  • SHA512

    dc1f179da665dddebc662a3d5baf978598724383aa2b0c08a8074d00069ff24f177fa7bde4610106012eb910efec01c6f0cd579b8cbcb6f4d0bc052ef05aa8ff

  • SSDEEP

    49152:EGlJfslgHZ8h7Dbm+Q6doaFMvOUfRop2qFIHmoorD3HbfuhkmtN5dlLYp:52tm+Q6doaFMl+uKDDidPYp

  Score

  10^/10

  gcleanerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2