home

Ghost64.exe

Symantec Ghost

Symantec Corporation

This is installed with multiple programs including Symantec Ghost Standard Tools and Symantec Ghost Console Client. The file has been seen being downloaded from www.8985.co.kr.
Publisher:
Symantec Corporation  (signed and verified)

Product:
Symantec Ghost

Version:
11.5.1.2266

MD5:
3807d45a4d5e7e9b0c2b36b82da04794

SHA-1:
bc178ec3cdc0a2aa5196610d16efeed928b653e3

SHA-256:
19cc096e939e3f37625eb21ae03eccaab1dab7483be362dc4247538ead697379

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/28/2024 1:38:55 AM UTC  (today)

File size:
7.1 MB (7,429,000 bytes)

Product version:
11.5.1.2266

Copyright:
Copyright (C) 1998-2010 Symantec Corporation. All rights reserved.

Original file name:
Ghost64.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\symantec\ghost\ghost64.exe

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
10/31/2007 12:00:00 AM

Valid to:
11/24/2010 11:59:59 PM

Subject:
CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
758F5EE8263B6694719D8434EB998608

File PE Metadata
Compilation timestamp:
12/24/2009 3:51:01 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
49152:6Jxdw6wiUEWeXwKY/8W838XbkQonBAvq5CdoU39TnAnK4pbi2o5nAWfPBMXMNuk1:SUyXA6nBA7Nr4p9oNqqWIn0Z3po

Entry address:
0x4857E0

Entry point:
48, 83, EC, 28, E8, F7, 16, 01, 00, 48, 83, C4, 28, E9, 4E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 74, 24, 20, 57, 48, 83, EC, 70, 4D, 85, C0, 48, 8B, F2, 48, 8B, F9, C6, 44, 24, 68, 00, 0F, 85, 98, 00, 00, 00, E8, 5D, A6, 00, 00, 48, 89, 44, 24, 60, 4C, 8B, D8, 4C, 8B, 80, C0, 00, 00, 00, 4C, 3B, 05, 57, 90, 22, 00, 4C, 89, 44, 24, 50, 4C, 8B, 90, B8, 00, 00, 00, 4C, 89, 54, 24, 58, 74, 22, 8B, 88, C8, 00, 00, 00, 85, 0D, C0, 8E, 22, 00, 75, 14, E8, 71, 34, 00, 00, 4C...
 
[+]

Entropy:
6.2885

Code size:
4.7 MB (4,922,880 bytes)

The file Ghost64.exe has been discovered within the following programs.

Symantec Ghost Console Client  by Symantec Corporation
Publisher's description - “Symantec Ghost is the industry’s most widely-used deployment, system management, and computer imaging software solution. Use Ghost’s proven hardware-independent imaging capabilities to significantly accelerate day-to-day imaging and deployment needs.”
www.symantec.com
10% remove it
Symantec Ghost Standard Tools  by Symantec Corporation
4% remove it
 
Powered by Should I Remove It?

The file Ghost64.exe has been seen being distributed by the following URL.

http://www.8985.co.kr/.../download.php?bo_table=data&wr_id=46&no=1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.