General

  • Target

    bb59713d6dbe3e5f28870e0bdcc9b49d0002ca398b37487735b2f1758553fea2

  • Size

    439KB

  • Sample

    240911-mqdc4avhnj

  • MD5

    c8be510dfe2d9af32045b559496e4042

  • SHA1

    b4c76babf91db8a6e19b7c3dec52da439c67b8a8

  • SHA256

    bb59713d6dbe3e5f28870e0bdcc9b49d0002ca398b37487735b2f1758553fea2

  • SHA512

    c3492fddd3b8ccf1530b8b23cda896c73099e157401675a8b2b76c55aaaa8e854f654904ec06f0fbd1ffb5b552691a8ddc11de6551e21d2703264377ff9247ce

  • SSDEEP

    3072:UJtpmuVmHcWw0dfLROn/BdKxbk4Pe+7tpmcivOTGsFOp1W7rZ2meLAgtol5OjjKc:ItRVmHcWHdf0KVHiv+OpsYvZoOK+l8O

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    80.66.75.114
    45.91.200.135

Targets

    • Target

      bb59713d6dbe3e5f28870e0bdcc9b49d0002ca398b37487735b2f1758553fea2

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL
