home

EmsServiceHelper.exe

External Media Encryption Service Helper.

Credant Technologies

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EMSService’.
Publisher:
CREDANT Technologies, Inc.  (signed by Credant Technologies)

Product:
External Media Encryption Service Helper.

Version:
7.3.0.7359

MD5:
4f1eaca2dccb74efbdd1439474a7c7d8

SHA-1:
51b9dfe5ab39c673851a5594e6b758dfa2b275f9

SHA-256:
822fc4edca83bea7b563bc936edba56aba2a05ab7a4ab3c9b7bae9acab5757eb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 5:49:30 AM UTC  (today)

File size:
1.4 MB (1,451,352 bytes)

Product version:
7.3.0.7359

Copyright:
Copyright© 2002-2012 CREDANT Technologies, Inc.

Trademarks:
CREDANT®, CREDANT Technologies®, and the CREDANT logo® tagline are registered trademarks of CREDANT Technologies, Inc. All other trademarks used herei

Original file name:
EmsServiceHelper.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\emsservicehelper.exe

Digital Signature
Signed by:
Credant Technologies

Authority:
VeriSign, Inc.

Valid from:
7/6/2014 5:00:00 PM

Valid to:
8/1/2017 4:59:59 PM

Subject:
CN=Credant Technologies, O=Credant Technologies, L=Addison, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59D03504CC1EE9298C29FC88AB37A703

File PE Metadata
Compilation timestamp:
10/8/2015 8:38:18 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:Z5JAm0N43IPcufs4OdA+UVxDkmuM5FGz09RTnP9hrQGBH8:bJAnqRjLLIDz5FGz09RTP9dQGBc

Entry address:
0x9D9A0

Entry point:
48, 83, EC, 28, E8, 37, B5, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 30, 4D, 85, C9, 49, 8B, D9, 49, 8B, F0, 48, 8B, FA, 74, 52, 48, 85, C9, 75, 38, E8, E9, 6D, 00, 00, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, C7, 44, 24, 20, 00, 00, 00, 00, C7, 00, 16, 00, 00, 00, E8, FB, 13, 00, 00, B8, 16, 00, 00, 00, 48, 8B, 5C, 24, 40, 48, 8B, 74, 24, 48, 48, 83, C4, 30, 5F, C3, 4D, 85, C0, 74, 22, 48...
 
[+]

Entropy:
6.1585

Code size:
942 KB (964,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EMSService

Command:
emsservicehelper.exe


Scan EmsServiceHelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.