home

EmsServiceHelper.exe

Credant External Media Shield

Credant Technologies

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EmsService’.
Publisher:
CREDANT Technologies, Inc.  (signed by Credant Technologies)

Product:
Credant External Media Shield

Description:
Credant external media encryption service helper.

Version:
6.8.0.2493

MD5:
133a9beb3b6ae373e06441e83be8ca49

SHA-1:
39bf3c9ee777823f9b47e2529dcf4d44b34ba053

SHA-256:
12f2fee3ba8c7672b5fb56b09ab198876ea73ef70e4c762754376e08238abd26

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 12:55:08 PM UTC  (today)

File size:
2.2 MB (2,302,376 bytes)

Product version:
6.8.0.2493

Copyright:
Copyright © 2002-2010 CREDANT Technologies, Inc.

Trademarks:
CREDANT®, CREDANT Technologies®, the CREDANT logo, and the We Protect What Matters® tagline are registered trademarks of CREDANT Technologies, Inc. Al

Original file name:
EmsServiceHelper.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\emsservicehelper.exe

Digital Signature
Signed by:
Credant Technologies

Authority:
VeriSign, Inc.

Valid from:
6/14/2010 5:00:00 PM

Valid to:
6/24/2011 4:59:59 PM

Subject:
CN=Credant Technologies, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Credant Technologies, L=Addison, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
416C08675D64AA776021F9FF5C8201EF

File PE Metadata
Compilation timestamp:
9/3/2010 1:13:41 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:pyYDOXhng5rejgwrrrrrrrrrIJ/SJ/SJ/SJ/SJ/9:pyfrrrrrrrrrIFSFSFSFSF

Entry address:
0x39E80

Entry point:
48, 83, EC, 28, E8, 07, 74, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 38, 4D, 85, C9, 48, 89, 5C, 24, 48, 48, 89, 74, 24, 50, 48, 89, 7C, 24, 58, 49, 8B, D9, 49, 8B, F0, 48, 8B, FA, 74, 56, 48, 85, C9, 75, 3C, E8, 45, 49, 00, 00, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, C7, 44, 24, 20, 00, 00, 00, 00, C7, 00, 16, 00, 00, 00, E8, B7, 14, 00, 00, B8, 16, 00, 00, 00, 48, 8B, 7C, 24, 58, 48, 8B, 74, 24, 50, 48, 8B, 5C, 24, 48, 48, 83, C4...
 
[+]

Entropy:
6.2219

Code size:
417 KB (427,008 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EmsService

Command:
emsservicehelper.exe


Scan EmsServiceHelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.