home

gs860w32.exe

The program is a setup application that uses the WinZip SFX installer. The file has been seen being downloaded from global-shared-files-lw.softonic.com and multiple other hosts.
MD5:
f35ec8dfeefdfdcce053027ca4289f7a

SHA-1:
583a23798936fc0fe0922038547e0893377392ea

SHA-256:
4936c58b55c23296e4a6ccf38971c43343b1fa7c5f7f18c202a5a39ebe1acaf6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:31:09 AM UTC  (today)

File size:
11.7 MB (12,289,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

File PE Metadata
Compilation timestamp:
1/9/2001 3:09:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
196608:wD/WH9+B38E9v3AMzufrbn2KegxmR4fABKDKB75mGdyxa2NBjEnu+7uOkM82wohp:wM9u38EVwMu3n07WABK8/aEduOdhnjbZ

Entry address:
0x3F8F

Entry point:
53, FF, 15, 4C, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 50, 70, 40, 00, 50, E8, 9E, F3, FF, FF, 50, FF, 15, 54, 70, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 94, 40, 00, 83, 0D, 00, 93, 40, 00, FF, 56, 33, F6, 39, 35, 40, 8E, 40, 00, 89, 35, 34, 94, 40, 00, 89, 35, 84, 94, 40, 00, A3, 24, 97, 40, 00, 75, 05, E8, 9D, D2, FF, FF...
 
[+]

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
21.5 KB (22,016 bytes)

The file gs860w32.exe has been discovered within the following program.

GIMP 2.6.11  by The GIMP Team
GIMP (GNU Image Manipulation Program) is an image retouching and editing tool. GIMP has tools used for image retouching and editing, free-form drawing, resizing, cropping, photo-montages, converting between different image formats, and more specialised tasks.
gimp-win.sourceforge.net
10% remove it
 
Powered by Should I Remove It?

The file gs860w32.exe has been seen being distributed by the following 5 URLs.

http://global-shared-files-lw.softonic.com/583/a23/.../gs860w32.exe

http://gsf-cf.softonic.com/583/a23/.../file?SD_used=0&channel=WEB&fdh=no&id_file=43053&instance=softonic_br&type=PROGRAM&Expires=1445682115&Signature=g2kgV4MruaJk5Hvka5YyHvHX5xv~~-mqcoOlJjbqzesEAdlN6~MS351ySjpw9O~OYKWsZUB~n4WXRsFw4oQe-MwiV67MTzAPgysKtNt-cY-yDV0d0p7hXejJSFBwubOEH913r29Vun8OGKbPccARKZoaLBLCizIPUvsfkknpa9g_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gs860w32.exe

http://afpl-ghostscript.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANc6jZmmcn4DoXXwH2nlAIV3yIxhdejcFbIDsQdzuRugUrzXLiNOzc1EGpv7zv/lKXtH/Sq4rpQJcJ43BxNiCasCGQWj3Lg3icWveRgRL4lP96Kv 2ZsVcQ YAIt4m1j6N bxT28eJzKcXOdHrYWxlakYu3ytpg4mSmK0/Ib57m 1NkbZbLRWfgoP4I6R//dz3c4s8zyL05Wgm8mKAF1hUacBPWu3vtoz4Lp4a5uOgmrisykwROySkzbP6ZZz51nlX52 mW2Mbi8AWbobtQTDjLliyfZvR8beWr//Vnjg5tJYdmGMovKadOcKwT4hzOWvx9tyaBFc5ualls54wImIq7Tpe7moR0nYrwJch/8c6c4GtmPO50aq5NxFdoo 7lOfOLColJQqcU7ACsayW50DDdKjiS4 6KRMTc8Ok/Knep TmgVb Cp/sbmhuAzCNRq6IpgLFEDz9l37GRgE8EyRaVFCiGhvGzhZvh387fnxcN71Aqi6WzH60e8N6nqrkQNQNGUU5M7nvTYOzY85h6mM6MpYE4WVia29Mzlmuhy3z7c8Y/.../X61c60UBtm5t8PhXoqsq

http://www.pdfill.com/.../gs860w32.exe

http://downloads.sourceforge.net/project/ghostscript/GPL Ghostscript/.../gs860w32.exe

Scan gs860w32.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.