MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2a4b73bb49ca3b3a27fccf1b0d76ef45576cd372565d136a8c1ff7b423c732a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2a4b73bb49ca3b3a27fccf1b0d76ef45576cd372565d136a8c1ff7b423c732a
SHA3-384 hash: f9d54c2c58645bed53c404fa23b76e18d85c2df767e4d012fa91736449c4b3fcbe518ae45b67f6eada1488091da31a2e
SHA1 hash: 60d20f7ac22b3371a936307b3140c3f714da8eb0
MD5 hash: d22e5fa6ede8b4d4ab78dd1629cafb31
humanhash: seven-butter-low-skylark
File name:GG Client Setup 1.0.0.exe
Download: download sample
File size:83'550'878 bytes
First seen:2026-05-15 15:31:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (575 x GuLoader, 128 x RemcosRAT, 82 x EpsilonStealer)
ssdeep 1572864:M82/fjE3mZ5EUjQoaHc2i0Ul80dTOQcelKwQ4KvL+Yhzs:Mfuse/oa3UBrcelKjzRhA
TLSH T16E0833047416C4F3D366A77277E57132E01B6D0E2F9848D8636DB494F6B80FB80B69BA
TrID 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 4945716969615549
Reporter MidasRX
Tags:BadQuality exe RAT stealer unknow


Avatar
MidasRX
its a bad quality thing in spain prob he didnt made or either he made with ai bcs it looks ugly asf on god xdd

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
FR FR
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/c5a1fc19-ec9c-483c-af9a-277e753389c7/
Malware family:
n/a
ID:
1
File name:
GGClientSetup1.0.0.exe
Verdict:
Malicious activity
Analysis date:
2026-05-15 15:30:57 UTC
Tags:
auto-reg
Link:
https://app.any.run/tasks/488d2a06-7076-4f4b-a31a-420b27b4cbd5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a073bfd46d6967b3d907fcc
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto evasive fingerprint installer installer installer-heuristic microsoft_visual_cc nsis packed reconnaissance
Link:
https://www.filescan.io/uploads/6a073c86056ea44c4531357e/reports/13d61997-01e4-4c49-9a9d-f53fbab47642/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d2a4b73bb49ca3b3a27fccf1b0d76ef45576cd372565d136a8c1ff7b423c732a
Result
Gathering data
Verdict:
Clean
File Type:
exe x32
Link:
https://opentip.kaspersky.com/d2a4b73bb49ca3b3a27fccf1b0d76ef45576cd372565d136a8c1ff7b423c732a/results?tab=lookup
Score:
56%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/d2a4b73bb49ca3b3a27fccf1b0d76ef45576cd372565d136a8c1ff7b423c732a
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/d2a4b73bb49ca3b3a27fccf1b0d76ef45576cd372565d136a8c1ff7b423c732a
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ksloo5utsr3hit7zty3bv3o6rkxntjxevs5cnviyh7xwqr4omva._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments