Extracted

• • Target

    20aa6407587318875a98f4cc567752a4caffcd46104d7f42c427ad8b10317eab

  • Size

    1.8MB

  • MD5

    872445f439140f8b8db73ec546971cc9

  • SHA1

    86ca54d31ba843a883c352f387a623dd35c09c8c

  • SHA256

    20aa6407587318875a98f4cc567752a4caffcd46104d7f42c427ad8b10317eab

  • SHA512

    eb28f12e13fabfc1d2ebf768548cafded96006de1c8647f7cdfe37f050d6a16a6cbe2a0e4131dc4a1c7027285bb5d7af544b4168627a793884f1fa169f6aa50c

  • SSDEEP

    24576:UB06NnSMYTaEX4H3VXTzQmmVSXmx7ILXocFLwFkue/e0rShVM6vH663KRqRi8QHf:X6NSHX4XVsmmVIm6b7FLwFFET3gKIc

  Score

  10^/10

  gcleanerdiscoveryevasionloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2