home

EMET_notifier.exe

Enhanced Mitigation Experience Toolkit

Microsoft Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EMET Notifier’.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Enhanced Mitigation Experience Toolkit

Description:
EMET Notifier

Version:
3.0.0

MD5:
a915e9e86853e86aaf0216675556b890

SHA-1:
af4f6d13b4cf8746b35bfe6418d59169e7345835

SHA-256:
d0579457a225bfee2740d3ae8c77ad853bd571d20203df331ebbcf05214dcddf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 5:17:22 AM UTC  (today)

File size:
148.6 KB (152,152 bytes)

Product version:
3.0.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
EMET_notifier.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\emet\emet_notifier.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
10/10/2011 4:32:25 PM

Valid to:
1/10/2013 3:32:25 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6119CC93000100000066

File PE Metadata
Compilation timestamp:
5/7/2012 2:51:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:4x+zAx3zqULfkx+zAx3zqULVmsYx+zAxrzqULUIys:pUZZLflUZZLV3UpZLUIF

Entry address:
0x1A0BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5813

Developed / compiled with:
Microsoft Visual C# v7.0 / Basic .NET

Code size:
96.5 KB (98,816 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EMET Notifier

Command:
C:\Program Files\emet\emet_notifier.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.