ghostscript870w32.exe

The program is a setup application that uses the WinZip SFX installer. The file has been seen being downloaded from www.y-it.co.il and multiple other hosts.
MD5:
b42955ed68ca5b71d4a5712466aa6cfd

SHA-1:
1bdedfcc178eb924ee450eabb4d2b1847228fddc

SHA-256:
4059a804cd78e84f0638df4b877ebe0e26965d2e9a537f26d22b06ab758d4814

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:38:28 AM UTC

File size:
12 MB (12,621,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\downloads\ghostscript870w32.exe

File PE Metadata
Compilation timestamp:
1/9/2001 9:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
393216:6UhzF7wOQOnmB9fZ7aaSIOSkSFMxaJmjLdGLDVq:6UV49fZ7Bj/Ovj2D

Entry address:
0x3F8F

Entry point:
53, FF, 15, 4C, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 50, 70, 40, 00, 50, E8, 9E, F3, FF, FF, 50, FF, 15, 54, 70, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 94, 40, 00, 83, 0D, 00, 93, 40, 00, FF, 56, 33, F6, 39, 35, 40, 8E, 40, 00, 89, 35, 34, 94, 40, 00, 89, 35, 84, 94, 40, 00, A3, 24, 97, 40, 00, 75, 05, E8, 9D, D2, FF, FF...

Entropy:
7.9995

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
21.5 KB (22,016 bytes)

The file ghostscript870w32.exe has been seen being distributed by the following 10 URLs.
