home

ghost64 11.5.0.2113.exe

Symantec Ghost

Symantec Corporation

This is installed with multiple programs including Symantec Ghost Standard Tools. The file has been seen being downloaded from s10670.chomikuj.pl and multiple other hosts.
Publisher:
Symantec Corporation  (signed and verified)

Product:
Symantec Ghost

Version:
11.5.0.2113

MD5:
1fb6d82e395e06d219b63f0d2b5fa700

SHA-1:
792391c6fec06969385091a66db8befb2315da7b

SHA-256:
fb175815112b758dc90644ffeab930973df9167c1dfdc510bb775140b3628fa5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 4:35:22 AM UTC  (today)

File size:
7 MB (7,350,664 bytes)

Product version:
11.5.0.2113

Copyright:
Copyright (C) 1998-2008 Symantec Corporation. All rights reserved.

Original file name:
Ghost64.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
10/31/2007 12:00:00 AM

Valid to:
11/24/2010 11:59:59 PM

Subject:
CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
758F5EE8263B6694719D8434EB998608

File PE Metadata
Compilation timestamp:
4/22/2008 10:15:59 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
49152:J3dGSE1vQrIfGdHEKrOlcEm7mXVrduy4Uh8Fd84xlievO4kp1ukOjeD9GknI0KHh:JxmWIud0l5b4ffU4SGknuLof2t3T

Entry address:
0x434E00

Entry point:
48, 83, EC, 28, E8, A7, 16, 01, 00, 48, 83, C4, 28, E9, 4E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, F9, E8, CE, A4, 00, 00, 48, 8B, 98, D0, 00, 00, 00, E8, C2, A4, 00, 00, 48, 89, B8, D0, 00, 00, 00, 48, 8B, C3, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, F9, E8, 8E, A4, 00, 00, 48, 8B, 98, D8, 00, 00, 00, E8, 82, A4, 00, 00, 48, 89...
 
[+]

Entropy:
6.2932

Code size:
4.6 MB (4,869,120 bytes)

The file ghost64 11.5.0.2113.exe has been discovered within the following programs.

Symantec Ghost Console Client  by Symantec Corporation
Publisher's description - “Symantec Ghost is the industry’s most widely-used deployment, system management, and computer imaging software solution. Use Ghost’s proven hardware-independent imaging capabilities to significantly accelerate day-to-day imaging and deployment needs.”
www.symantec.com
10% remove it
Symantec Ghost Standard Tools  by Symantec Corporation
4% remove it
VMware Horizon Client  by VMware, Inc.
www.vmware.com
3% remove it
 
Powered by Should I Remove It?

The file ghost64 11.5.0.2113.exe has been seen being distributed by the following 4 URLs.

http://s10670.chomikuj.pl/File.aspx?e=GZFmkGSN2Pc5avICoYinjXGNgb5z15TOGONByaB3shX2--1Iezoyziyh-VraQX6J6TSbUokvJ3qbR7wP09kWsRVHNaBdCpGk2sTyfiwh6zebV6dZKi3zE_WuuEWB6QvKPHnKGx2ybXxKIEX9sZEdMw&pv=2

http://download981.mediafire.com/b7n418kqumrg/.../Ghost64.exe

http://dc350.4shared.com/download/.../Ghost64_11502113.exe

ftp://sebaszz.ftp.sh/Files/.../Ghost64.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.