Extracted

• • Target

    9dff8d5faabfd081c11d419c2f5b8501e3f173e0001f1fe8d3aeadd1d0d5392d

  • Size

    1.9MB

  • MD5

    f960fd84b7f7a8d057db1f2ca283a76d

  • SHA1

    8eb8a21e6e8ca62f37f86f21aca1d4bdbde9d6d0

  • SHA256

    9dff8d5faabfd081c11d419c2f5b8501e3f173e0001f1fe8d3aeadd1d0d5392d

  • SHA512

    2d6e886e69047068de4d716c32583fa17f6ebefd6ef69cf66b5fe9586d6c459554a372242253172b582d772a49e10df138acefc5cdacf92d501f69ac35716de3

  • SSDEEP

    49152:xwCRDFWxkGgVtGjAqDKZWqD7SnJlvUD/FV:xvRJGEm1wgJlob

  Score

  10^/10

  gcleanerdiscoveryevasionloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2