home

Ghost32.exe

Symantec Ghost

Symantec Corporation

This is a setup program which is used to install the application. This is installed with multiple programs including Symantec Ghost Standard Tools and Symantec Ghost Console Client. The file has been seen being downloaded from 199.91.154.219 and multiple other hosts.
Publisher:
Symantec Corporation  (signed and verified)

Product:
Symantec Ghost

Version:
11.5.1.2266

MD5:
9e87b32ff2fd014a04d1676b69c8df18

SHA-1:
e3111c6eb2517a6579f3213440fb142a2d709371

SHA-256:
4816b5afba62edd267bac3f9936b09de9e8eccf3cbf49cad88800af2bf9a3905

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:46:19 PM UTC  (today)

File size:
3.8 MB (3,980,680 bytes)

Product version:
11.5.1.2266

Copyright:
Copyright (C) 1998-2010 Symantec Corporation. All rights reserved.

Original file name:
Ghost32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ghost32.exe

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
10/31/2007 7:00:00 AM

Valid to:
11/25/2010 6:59:59 AM

Subject:
CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
758F5EE8263B6694719D8434EB998608

File PE Metadata
Compilation timestamp:
12/24/2009 10:11:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
49152:5yXCP7X3uQ3YlZfbM3DacNHHO0DZyL8x+2wmyrS5uDOzQaz07kfHWRHiaHSiBeh4:wcKNZf8mGHVD5x+2wTRf4fHgCm

Entry address:
0x24CCD5

Entry point:
E8, 9E, BA, 00, 00, E9, 40, FE, FF, FF, 55, 8B, EC, 83, EC, 14, 56, FF, 75, 10, 8D, 4D, EC, E8, 52, 9E, FF, FF, 8B, 55, 08, 33, F6, 3B, D6, 75, 2F, E8, D8, F1, FF, FF, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 5E, 83, FF, FF, 83, C4, 14, 80, 7D, F8, 00, 74, 07, 8B, 45, F4, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, CD, 01, 00, 00, 53, 8B, 5D, 0C, 3B, DE, 75, 2F, E8, A1, F1, FF, FF, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 27, 83, FF, FF, 83, C4, 14, 80, 7D, F8, 00, 74, 07, 8B, 45, F4, 83, 60, 70...
 
[+]

Code size:
2.7 MB (2,842,624 bytes)

The file Ghost32.exe has been discovered within the following programs.

Symantec Ghost Console Client  by Symantec Corporation
Publisher's description - “Symantec Ghost is the industry’s most widely-used deployment, system management, and computer imaging software solution. Use Ghost’s proven hardware-independent imaging capabilities to significantly accelerate day-to-day imaging and deployment needs.”
www.symantec.com
10% remove it
Symantec Ghost Standard Tools  by Symantec Corporation
4% remove it
 
Powered by Should I Remove It?

The file Ghost32.exe has been seen being distributed by the following 6 URLs.

http://199.91.154.219/j8jd1s7x42eg/.../Ghost32.Exe

https://doc-0g-54-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2kru6a3ari9mspub9uq1a3cmv6brvs79/1410537600000/16130664838257646083/.../0B8qB_NT7fZdPeE94THJ6N3BST2c?h=16653014193614665626&e=download

http://download1141.mediafire.com/kl7cm95xr4eg/.../Ghost32.Exe

https://www.dropbox.com/s/.../ghost32.exe

http://u.to/WMlkBQ

http://www.8985.co.kr/.../download.php?bo_table=data&wr_id=46&no=0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.