General

  • Target

    Trojan.Win32.GCleaner.WRA.MTB-62f8340b6223688006a84ae5d188b067cd9af43efd4e9179bef422939c56e38fN

  • Size

    422KB

  • Sample

    240916-p4pz6aydnn

  • MD5

    5c5a20e1a60cf7ac12eec60628816cd0

  • SHA1

    bdbcdbc93adb5aef38a45b387efcb01fda84a6f0

  • SHA256

    62f8340b6223688006a84ae5d188b067cd9af43efd4e9179bef422939c56e38f

  • SHA512

    272bc3ff46f2eba1d54b5fd29f3998b86e9499fcf8e4eef752274d7caa7ce756ace1476564f9c939df00a7fea996273080d9442bf456b63972a282bf04ac3b92

  • SSDEEP

    6144:pEg94Xwz671m1H2PwYjsfc2skZg1Y7DgVCo6ub0jM47bsHP6B:f9o71mMRf2NZg1YSNZ0jVnsHi

Malware Config (Extracted)

  • Family

    gcleaner

  • C2

    80.66.75.114

    45.91.200.135

Targets

    • Target

      Trojan.Win32.GCleaner.WRA.MTB-62f8340b6223688006a84ae5d188b067cd9af43efd4e9179bef422939c56e38fN

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL
