home

EmsServiceHelper.exe

Credant External Media Shield

Credant Technologies

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EmsService’.
Publisher:
CREDANT Technologies, Inc.  (signed by Credant Technologies)

Product:
Credant External Media Shield

Description:
Credant external media encryption service helper.

Version:
6.6.0.1344

MD5:
741da8d16342395adc3b61403b5c35b5

SHA-1:
a38350bddb31a2e16677f52d5f12a64e0d270789

SHA-256:
500dbe8d365eddaecd1884328ea335e3c2268db81652814debacaf15561449e0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 1:15:17 AM UTC  (today)

File size:
2.2 MB (2,292,064 bytes)

Product version:
6.6.0.1344

Copyright:
Copyright © 2002-2009 CREDANT Technologies, Inc.

Trademarks:
CREDANT®, CREDANT Technologies®, the CREDANT logo, and the We Protect What Matters® tagline are registered trademarks of CREDANT Technologies, Inc. Al

Original file name:
EmsServiceHelper.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\emsservicehelper.exe

Digital Signature
Signed by:
Credant Technologies

Authority:
VeriSign, Inc.

Valid from:
5/4/2009 8:00:00 PM

Valid to:
6/24/2010 7:59:59 PM

Subject:
CN=Credant Technologies, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Credant Technologies, L=Addison, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D659EAC38F076660AA3CCC1FEFC5619

File PE Metadata
Compilation timestamp:
1/12/2010 2:23:21 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:MUSdcBUXG6j56y4hrrrrrrrrrIJ/SJ/SJ/SJ/SJ/P:MUFhrrrrrrrrrIFSFSFSFSFP

Entry address:
0x394D0

Entry point:
48, 83, EC, 28, E8, F7, 73, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 38, 4D, 85, C9, 48, 89, 5C, 24, 48, 48, 89, 74, 24, 50, 48, 89, 7C, 24, 58, 49, 8B, D9, 49, 8B, F0, 48, 8B, FA, 74, 56, 48, 85, C9, 75, 3C, E8, 45, 49, 00, 00, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, C7, 44, 24, 20, 00, 00, 00, 00, C7, 00, 16, 00, 00, 00, E8, B7, 14, 00, 00, B8, 16, 00, 00, 00, 48, 8B, 7C, 24, 58, 48, 8B, 74, 24, 50, 48, 8B, 5C, 24, 48, 48, 83, C4...
 
[+]

Entropy:
6.2245

Code size:
413.5 KB (423,424 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EmsService

Command:
emsservicehelper.exe


Scan EmsServiceHelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.