Extracted

• • Target

    eab9619df6b82520165d2b4455fbdf147077932f8f53b80d6adb9501e822cdbc.exe

  • Size

    1.9MB

  • MD5

    032aa8264c2ccbdd008693fd9c29a1fb

  • SHA1

    86a99c6498d68c8af759afd61ed56637a46bb016

  • SHA256

    eab9619df6b82520165d2b4455fbdf147077932f8f53b80d6adb9501e822cdbc

  • SHA512

    bb5c07246b6bbac5ccfd26fd32e4f8fb1b337590593475ee8a289bb92a502d7f95c7f74dcfdf0c71389290ee4c415fb1328618d081e3c7dbb31a3a5c7aa8a679

  • SSDEEP

    49152:Q1YqsFySZlhwRfuGoLE6MCAHAMIXDLX2gmDoOaU:QWZlhwRuG0fMCAFIXDy

  Score

  10^/10

  gcleanerdiscoveryevasionloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2