Overview

overview

7

Static

static

3

gs10021w64.exe

windows7-x64

7

gs10021w64.exe

windows10-2004-x64

7

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

doc/COPYING

windows7-x64

1

doc/COPYING

windows10-2004-x64

1

doc/HowToB...cs.txt

windows7-x64

1

doc/HowToB...cs.txt

windows10-2004-x64

1

doc/colorm...nt.tex

windows7-x64

3

doc/colorm...nt.tex

windows10-2004-x64

3

doc/langua...ar.png

windows7-x64

3

doc/langua...ar.png

windows10-2004-x64

3

doc/langua...le.png

windows7-x64

3

doc/langua...le.png

windows10-2004-x64

3

doc/langua...er.png

windows7-x64

3

doc/langua...er.png

windows10-2004-x64

3

doc/langua...ar.png

windows7-x64

3

doc/langua...ar.png

windows10-2004-x64

3

doc/pclxps/Makefile

windows7-x64

1

doc/pclxps/Makefile

windows10-2004-x64

1

doc/pclxps/README

windows7-x64

1

doc/pclxps/README

windows10-2004-x64

1

doc/pclxps...dl.tex

windows7-x64

3

doc/pclxps...dl.tex

windows10-2004-x64

3

doc/pclxps...dl.txt

windows7-x64

1

doc/pclxps...dl.txt

windows10-2004-x64

1

doc/src/API.rst

windows7-x64

3

doc/src/API.rst

windows10-2004-x64

3

doc/src/C-style.rst

windows7-x64

3

doc/src/C-style.rst

windows10-2004-x64

3

doc/src/Develop.rst

windows7-x64

3

doc/src/Develop.rst

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gs10021w64.exe

  • Size

    61.7MB

  • Sample

    240223-ps96ysgc88

  • MD5

    f63aac688f92b4e6f1c43944317d5d2e

  • SHA1

    ffb94baf4f7512426770677a7a012f83eab4838b

  • SHA256

    40dca8cc9156a448082670599d1779339738028a616b3c1047178cf0a0baa6e5

  • SHA512

    f93cd5f07f358c7ca445c02a18a0026dc1fd5fbb8697db830c3661d98e42ac852938b50401179435d0704e5512b6bfa7409ac6386c5ae7b4596e0d1534e41b7b

  • SSDEEP

    1572864:C2oBTMqP1ZkXMmzxNBP/zWjWHDtXr8rwP1G1Y1ex4PuS:NcTMEkXnzz6WjlACMjxVS

Score
7/10
discoverylinkpdf

Malware Config

Targets

    • Target

      gs10021w64.exe

    • Size

      61.7MB

    • MD5

      f63aac688f92b4e6f1c43944317d5d2e

    • SHA1

      ffb94baf4f7512426770677a7a012f83eab4838b

    • SHA256

      40dca8cc9156a448082670599d1779339738028a616b3c1047178cf0a0baa6e5

    • SHA512

      f93cd5f07f358c7ca445c02a18a0026dc1fd5fbb8697db830c3661d98e42ac852938b50401179435d0704e5512b6bfa7409ac6386c5ae7b4596e0d1534e41b7b

    • SSDEEP

      1572864:C2oBTMqP1ZkXMmzxNBP/zWjWHDtXr8rwP1G1Y1ex4PuS:NcTMEkXnzz6WjlACMjxVS

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      doc/COPYING

    • Size

      33KB

    • MD5

      73f1eb20517c55bf9493b7dd6e480788

    • SHA1

      78e50e186b04c8fe1defaa098f1c192181b3d837

    • SHA256

      57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6

    • SHA512

      a0a86214ea153fb07ff35ceec0848dd1703eae22de036a825efc8394e50f65e3044832f3b49cf7e45a39edc470bdf738abc36a3a78ca7df3a6e73c14eaef94a8

    • SSDEEP

      384:ZuvgUu2qVTfofITuM2Vs6aHGUa1lufWkGVBmnLRfCiR1XAnLuaa9f/d5zgUaGhqU:Zqk3LTB2VsrHG/OfvMmnBCtLmJY174

    Score
    1/10
    behavioral5behavioral6

    • Target

      doc/HowToBuildTheDocs.txt

    • Size

      3KB

    • MD5

      ea63f16c19255f34a9e5028c8a407e6e

    • SHA1

      eb4fd58353f92db941b514d1c9aefbb3412b24b1

    • SHA256

      5f989cdbff6cad99e2203cd3b7ecd231a2d11f2798b5cf93bd8d24f079ec6885

    • SHA512

      3f402433121632998c7870e53f696fe42ed1a6d8faa3212e61722e789c8bf914e95c9226d624b6f212f53f6359358d95c31103a37c12a4fd769e85d8b8bb9f89

    Score
    1/10
    behavioral7behavioral8

    • Target

      doc/colormanage/GS9_Color_Management.tex

    • Size

      83KB

    • MD5

      89e718ba39ebfb13fc2cf095bd04d8bc

    • SHA1

      010f8588665297f0d656c20cab6a50d74a204f9b

    • SHA256

      53c5f1da6fe591327f545d9054b58de3ec80ebd6039e9185e259abab532ce937

    • SHA512

      152545d1a3017c565bcfc7f5211f285062d0358123a3e772a50409e7305df0080a8edb2920011501f0268e1d4d10fc6a5409e3b8a0885288fe96922eda999209

    • SSDEEP

      1536:gR+pS90yGWu7GjNnqhQhe/+tCGKXbtfacTFIm6YeSVDI+hq0jgSvGzdjpvW0FpcG:gR+A0yGWu7GjNnqhQhhtCGKXbtfacTFS

    Score
    3/10
    behavioral10behavioral9

    • Target

      doc/language-bindings/images/export-jar.png

    • Size

      198KB

    • MD5

      586f4edcca27d0ec0b6bcdfcafa4e75f

    • SHA1

      7c865a8e7d9c2dd77f177633a4591235977e1224

    • SHA256

      baf9686c96aeae14f794b9906ef7c76af16f876142d710c7f8d624d1bca9503b

    • SHA512

      fa091254e209828b78b1bf79dba1e961400598e0774787c1f31840fe8ac7271513be1a55c02e2fdbb3d602fe08d55714d53eea511699c21f9c02e462a9ac5a01

    • SSDEEP

      6144:39l+QNvyVgQyAvL6r10GHfiJfnHMcvVGGY:3n+QJgfvLQ11HfYHMcwGY

    Score
    3/10
    behavioral11behavioral12

    • Target

      doc/language-bindings/images/ghostnet-wpf-example.png

    • Size

      344KB

    • MD5

      2368b041dd88d63869a99cf24735dfa4

    • SHA1

      9296f662cbcd85bb075c575e1a8f4578b0125dc9

    • SHA256

      e4bfc4c92f2ac7d8b4d94ea9c236d90e8ed55bf545202800db92585060311669

    • SHA512

      4e3238dc3a73efb7092408f9534e0e8b696d4ac3607357955bc504f36801a21a3a5ad33833d14eb9f84f4cc207ab2e792167d20445b305689176f20a07a80ecb

    • SSDEEP

      6144:+pTzc+VKafI1cvAQb8/P8F/2NzFzmBXuje5ipVAnzt49NtqTLI+cASQKG:+pRVZgWYk8/PG2JFWXuje5OAB49Ntqwg

    Score
    3/10
    behavioral13behavioral14

    • Target

      doc/language-bindings/images/gsviewer.png

    • Size

      62KB

    • MD5

      380132b4af61f3baeb06737ff502b65d

    • SHA1

      b8adc6e83482c352d83dec3e0df4e3d9ea8437e2

    • SHA256

      0b69be4027b37c059d128f53709fe7577dbb5cf555bac72d3fc0a31fe0f57c3f

    • SHA512

      490183d9c4d45edc86f0fdcd1827e8ce187f1f1f1cc80bd4cb2244341880ed2f16c200e26b0dfae0c50f3e7ed5b402fd6387703ae64b56d05abcb9a03cb73932

    • SSDEEP

      1536:uzeW95ZlTnnnnwXQJb7OWOepWbEK+G0ekkhmyYPYHB8vv1pFd:uzT5ZlY0GDd+G0Rkhmlumv1pFd

    Score
    3/10
    behavioral15behavioral16

    • Target

      doc/language-bindings/images/linking-jar.png

    • Size

      109KB

    • MD5

      2d3a091b65b108fcbf288ea4a6e5f981

    • SHA1

      fc862c303b5c4eb67504b114026c3fc90ece6db0

    • SHA256

      3a0d0f867e418eb08e911a4745685f73b87d586b1dd2e941db249761ad2beabc

    • SHA512

      0a34a2a21ab630f8675de7be0c68e512dbcb084d6697abc87d1105a6cca9a25837a65a636ff5693773e57a0cb94b69d1685629d02e5f37fa0cfd4b581cafbe88

    • SSDEEP

      3072:iSfl2k4tdgHb54G8ZP38o4GVr/TRA0m9fdVKWQ3VE:/lzb54G8GoF7Rw9lVKha

    Score
    3/10
    behavioral17behavioral18

    • Target

      doc/pclxps/Makefile

    • Size

      152B

    • MD5

      ce18d50e7a18ed6960cb6681b3c0d8a5

    • SHA1

      0b2fe99d43ab5962cc1f99c1c0d6da7d20ee3289

    • SHA256

      1cb936e663a6d2f9efd478471775d75f05f7ff0d55c52e97de641677a9232443

    • SHA512

      756dae87ad86728890d369b9f4be9bc00444d95919aeaec698fb2408218765ccf4f342299b6f990a33314578fb0539c7880d781e1f758f95aa0b1ad7dda8ed2b

    Score
    1/10
    behavioral19behavioral20

    • Target

      doc/pclxps/README

    • Size

      93B

    • MD5

      86d1857410a38445360c9b8ce4790612

    • SHA1

      fb15db33b13e9c48e3742106770f9c67d423a43e

    • SHA256

      2497e4b82b30041b3ec151f2b495eb086efe44b4d29e2b58fdff09249af39c67

    • SHA512

      1c5d40059bc8f0667505213292b292e6ea3e4f47be081e57e96b1bb6b528bd037bf7a5a45aae80b04d89677a16e378ea3685ce555d910c8842e69c6a71300159

    Score
    1/10
    behavioral21behavioral22

    • Target

      doc/pclxps/ghostpdl.tex

    • Size

      17KB

    • MD5

      211a894e2d21512593597eecbf3b3c58

    • SHA1

      5dd96394bddfdada2b391248542ae37541a8f414

    • SHA256

      ce91de7d4ce957e272683aec46b7ebc62ca41f888bf461b221c54b224d02fdf7

    • SHA512

      f8bd6aac1fe100e51091fcdf98106cb200bd7b4290f73648ce22130203ffd5832187423b8476b654fd3b3a02c2301014f46884e39d4610672d987960aa9a1677

    • SSDEEP

      384:/mO/V/vw1CbCEwB1ktPWGHzz4MlFo6kRsvoW3jwzkivuODFm/aW631tyKmY:TVtI/GHzz4koTRsvoArmynY

    Score
    3/10
    behavioral23behavioral24

    • Target

      doc/pclxps/ghostpdl.txt

    • Size

      15KB

    • MD5

      c35f016e1e18528ad199e323499e8b31

    • SHA1

      6447e7e5630bcc0b85c044249bf905b5665dba48

    • SHA256

      35eb4fb61754783c9870c98888e353723207c3caf1bcb42cf102bc6a9e4b1a58

    • SHA512

      dfbac7291a234c6d71178a77874a85d7b3ac122d28ef542a1f703c159997e3c970e8f2b6edfe024fd55f8e585b058d18d6896bc10ceed177040db2f73f3006ef

    • SSDEEP

      384:F8rN8wgbQSMxUVJWV4SRx0ooO+f5PVem2gyORYmFa065lH:F52V4SwooO+h4IW

    Score
    1/10
    behavioral25behavioral26

    • Target

      doc/src/API.rst

    • Size

      62KB

    • MD5

      d7d651221f1a0cd60daf62ffbe48d3d3

    • SHA1

      85bcb6e630944ef3df6790b6177743ba0724167e

    • SHA256

      b01d820cd6e2368930bc607e1fa322dc1e1ce75c0be9342a90f332c23b05826d

    • SHA512

      f317fedf3b8d32384ccd72db6b45284b6cc2397abdb2b8c46834747aa297c364b5e1c2c3266f50c9dc3560f06ba934dcd4f73e88236b7ee2b7147f1c201e37e8

    • SSDEEP

      1536:WBwVk0dwubO84f3MqXvtcbZ+le6gL3cNOXUZc:stubOrMq/tcbZ+le6+3gRc

    Score
    3/10
    behavioral27behavioral28

    • Target

      doc/src/C-style.rst

    • Size

      40KB

    • MD5

      fad97e35e524392b4c69c0866de54ba6

    • SHA1

      793df172f204c1a6d453a51b097221db7cb8c6ac

    • SHA256

      64004fda7f196de682451d14969d407e24023be2ffda967b7ab4ab5d792c0ad5

    • SHA512

      6922c231925ef605aba6a345f06e13d7843d9dcf655f2e07a9264daecefac7f4223b9ab208fdf0098520ab1cad2b6c593696d273b7a2546be034abf7f3e262c7

    • SSDEEP

      768:ksMJzibRcV168jCqj9qDEBulrcaaIumWKq/EYkB3Y8sxVjcYVuOK:ksMJ71xawulIaaIuVKq1638VuJ

    Score
    3/10
    behavioral29behavioral30

    • Target

      doc/src/Develop.rst

    • Size

      105KB

    • MD5

      e56d2562c2a861888c93647adc3c868e

    • SHA1

      7a1568cc9b3121283cfd122efb281d1ce5855aa9

    • SHA256

      9a926548948c7aadd6cf723b757eaabbf0a9e43039d548b2b25cf3d3535e03f5

    • SHA512

      64a7e06826d7abc71a101b98a74f44533a9ed509789ecc8a9776276c4ae98bdee95e4191b1911b40a7ea174746a869d2c8392c6c132700029ac43742d923118b

    • SSDEEP

      3072:zdIJ44afjeTuqD0bJ8OZjB36Mc9wYAQWLqHw:z+J44afjeTuqD0x36gQWx

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

pdflink
Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
7/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10