home

exeforservice.exe

Symantec Workspace Streaming Agent

Symantec Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppMgrGui’.
Publisher:
Symantec Corporation  (signed and verified)

Product:
Symantec Workspace Streaming Agent

Description:
Streamed Application Launcher

Version:
6,4,0,546

MD5:
6d337566cf1b1021b52e2783e78cc8ff

SHA-1:
bc06ac27c3dccf443029bdc9c7e9cd83a5eaedeb

SHA-256:
0a53bc8a8b081df78a35794880e022d3f800b8c04cb071c311de36b143f4fa8b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 11:30:07 PM UTC  (a few moments ago)

File size:
60.4 KB (61,888 bytes)

Product version:
6,4,0,546

Copyright:
Copyright 2011, Symantec Corporation

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\symantec\workspace streaming\bin\exeforservice.exe

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
10/2/2011 8:00:00 PM

Valid to:
10/20/2014 7:59:59 PM

Subject:
CN=Symantec Corporation, OU=Symantec Endpoint Virtualization, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5385D735F46EC5BD781A47590F1D7AA2

File PE Metadata
Compilation timestamp:
11/4/2011 4:12:12 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:OTNrjhV9fKsJsEEU+wyFcpbhGYM4LOXiH94LOXiHJLFm7:4dhV95N8Fyb5LOXzLOXAo7

Entry address:
0x4518

Entry point:
48, 83, EC, 28, E8, 33, 03, 00, 00, 48, 83, C4, 28, E9, FE, FC, FF, FF, FF, 25, F0, 1E, 00, 00, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, DD, 6B, 00, 00, FF, 15, 17, 1D, 00, 00, 4C, 8B, 1D, C8, 6C, 00, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, AD, 03, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, 88, 6B, 00, 00...
 
[+]

Entropy:
6.0641

Code size:
18 KB (18,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppMgrGui

Command:
C:\Program Files\symantec\workspace streaming\bin\exeforservice.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.