General

  • Target

    40373b2b67af54380809aadcc91404f2a24c343bf3230ff02abb79847995a623

  • Size

    405KB

  • Sample

    240831-pswcsstdkn

  • MD5

    7443b81bf361fa3968b5ffbc65e3281a

  • SHA1

    01f0228aec293d94d303af080536a2ead6bf8a25

  • SHA256

    40373b2b67af54380809aadcc91404f2a24c343bf3230ff02abb79847995a623

  • SHA512

    79bcb9bc798d67ebfd34b85065bd416dcc5c84ac82c6d9b15d5ccee5affd1b2bf52442d5b134622400b1a880b81bf214458fbafc5b9f7f5d1619cf0eb6ad56b1

  • SSDEEP

    6144:IsXGqw9d+nKvNtLsOkwreFivtmXqMhwn6LN:IYGqwX+nK7LPN14Xwn6p

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL
