EmsServiceHelper.exe

External Media Encryption Service Helper.

Credant Technologies

It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘EmsService’.

Publisher:
CREDANT Technologies, Inc.  (signed by Credant Technologies)

Product:
External Media Encryption Service Helper.

Version:
7.3.0.6549

MD5:
4ee3d49e51d6e3b4a21a359906b0ae5f

SHA-1:
0a7fc4f453b711b32138309fa4110551b35157e9

SHA-256:
8a34656bc4757c48febc8146b875c5e0c5583bf7d8dc477e0525144a1ab94f9f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 1:16:34 AM UTC  (today)

File size:
938.3 KB (960,856 bytes)

Product version:
7.3.0.6549

Copyright:
Copyright© 2002-2012 CREDANT Technologies, Inc.

Trademarks:
CREDANT®, CREDANT Technologies®, and the CREDANT logo® tagline are registered trademarks of CREDANT Technologies, Inc. All other trademarks used herei

Original file name:
EmsServiceHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\emsservicehelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/6/2014 8:00:00 PM

Valid to:
8/1/2017 7:59:59 PM

Subject:
CN=Credant Technologies, O=Credant Technologies, L=Addison, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59D03504CC1EE9298C29FC88AB37A703

File PE Metadata
Compilation timestamp:
11/20/2014 2:23:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:NZvsEJDpKFYkOa1bOcAEw9NI+/nOQS/P55p0dJOHTrdv0:NZB0CNa1bOc0kB5pCJETru

Entry address:
0x6DD04

Entry point:
E8, 68, 90, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 15, 5C, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 1A, 0C, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 9A, 0F, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 79, 0E, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, C6, 5B, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD, 6A, 16...
 
Entropy:
6.4435

Code size:
676 KB (692,224 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EmsService

Command:
emsservicehelper.exe

