Extracted

• • Target

    49ab364c6b979aa4e58de8f1dc397bdaf593a7f49ef3a698c6f423df25dceac0

  • Size

    1.9MB

  • MD5

    5988fee34e194b5eaf5c9885ee20b0f6

  • SHA1

    87344f80b28b36d0d98bc3dfff8dbf065f98cf08

  • SHA256

    49ab364c6b979aa4e58de8f1dc397bdaf593a7f49ef3a698c6f423df25dceac0

  • SHA512

    d947f7c1849021b9f987ac199219352e1c495c012e57242a3caddb6a3b505f17b9452529437e14a52cbc0b887f3a418d164fe785d4c18cb39959303253b8ce12

  • SSDEEP

    49152:XUf0vKt7NEG3Zq6kM3Tn/4muKzf+xPbPEHbhW/L8VCtEL/RyAC+G:kcQNEuFuKzfgobh2L2CeD+

  Score

  10^/10

  gcleanerdiscoveryevasionloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2