home

Ghostsrv.exe

Symantec GhostCast Server

Symantec Corporation

This is installed with multiple programs including Symantec Ghost Console Client and Symantec Ghost Standard Tools. The file has been seen being downloaded from download1256.mediafire.com.
Publisher:
Symantec Corporation  (signed and verified)

Product:
Symantec GhostCast Server

Description:
Symantec GhostCast Server for Windows

Version:
11.5.1.2266

MD5:
f62b7b2309f2f44f23ad6daec7508dec

SHA-1:
e5f7e83cb1ca158978b2d5bed33e64cfd48a7be0

SHA-256:
e87e257389509bc9644676828c4eaa60bd2d6c8c0e3694dd53f95137daf9a258

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/12/2025 10:51:14 PM UTC  (today)

File size:
685.4 KB (701,832 bytes)

Product version:
11.5.1.2266

Copyright:
Copyright (C) 1998-2010 Symantec Corporation. All rights reserved.

Original file name:
Ghostsrv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\symantec\ghost\ghostsrv.exe

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
10/31/2007 12:00:00 AM

Valid to:
11/24/2010 11:59:59 PM

Subject:
CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
758F5EE8263B6694719D8434EB998608

File PE Metadata
Compilation timestamp:
12/24/2009 3:37:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:DJj1REerfFv3imrpGCie3e4wb/g4jYeUst6v+9jE+kcuhrPOXpxyC/hyv2xqGy3S:DJpRdfpkCYL3jYwtB

Entry address:
0x57466

Entry point:
E8, 76, EF, 00, 00, E9, 16, FE, FF, FF, 8B, 44, 24, 04, 33, C9, 3B, 04, CD, C8, 3E, 49, 00, 74, 12, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0C, 6A, 0D, 58, C3, 8B, 04, CD, CC, 3E, 49, 00, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, C3, E8, 18, 52, 00, 00, 85, C0, 75, 06, B8, 30, 40, 49, 00, C3, 83, C0, 08, C3, E8, 05, 52, 00, 00, 85, C0, 75, 06, B8, 34, 40, 49, 00, C3, 83, C0, 0C, C3, 56, E8, E7, FF, FF, FF, 8B, 4C, 24, 08, 51, 89, 08, E8, 8D, FF, FF, FF, 59, 8B, F0...
 
[+]

Entropy:
6.3005

Code size:
460 KB (471,040 bytes)

The file Ghostsrv.exe has been discovered within the following programs.

Symantec Ghost Console Client  by Symantec Corporation
Publisher's description - “Symantec Ghost is the industry’s most widely-used deployment, system management, and computer imaging software solution. Use Ghost’s proven hardware-independent imaging capabilities to significantly accelerate day-to-day imaging and deployment needs.”
www.symantec.com
10% remove it
Symantec Ghost Standard Tools  by Symantec Corporation
4% remove it
 
Powered by Should I Remove It?

The file Ghostsrv.exe has been seen being distributed by the following URL.

http://download1256.mediafire.com/n2uk8o3jm3fg/.../GhostSrv.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.