EmsServiceHelper.exe

External Media Encryption Service Helper.

Credant Technologies

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EmsService’.

Publisher:
CREDANT Technologies, Inc. (signed by Credant Technologies)

Product:
External Media Encryption Service Helper.

Version:
7.3.0.6549

MD5:
7d81e9b23846372ea860750704502529

SHA-1:
baf42b32754b700427acca0e37099d6bf421c0bd

SHA-256:
3ea0763366674cb429be77c39749b1f2afc4d5f6448a9634236adbe5508771e8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 4:23:13 AM UTC

File size:
1.4 MB (1,424,728 bytes)

Product version:
7.3.0.6549

Copyright:
Copyright© 2002-2012 CREDANT Technologies, Inc.

Trademarks:
CREDANT®, CREDANT Technologies®, and the CREDANT logo® tagline are registered trademarks of CREDANT Technologies, Inc. All other trademarks used herei

Original file name:
EmsServiceHelper.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\emsservicehelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/7/2014 2:00:00 AM

Valid to:
8/2/2017 1:59:59 AM

Subject:
CN=Credant Technologies, O=Credant Technologies, L=Addison, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59D03504CC1EE9298C29FC88AB37A703

File PE Metadata
Compilation timestamp:
11/20/2014 8:25:44 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:1Cf94h1IJrRf0Kpr5fxrRKn3DCM+e35cMqlTndb0l:1Cf94TI/hITCW35cMqlTdA

Entry address:
0xA3BF0

Entry point:
48, 83, EC, 28, E8, 47, B8, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 30, 4D, 85, C9, 49, 8B, D9, 49, 8B, F0, 48, 8B, FA, 74, 52, 48, 85, C9, 75, 38, E8, F9, 70, 00, 00, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, C7, 44, 24, 20, 00, 00, 00, 00, C7, 00, 16, 00, 00, 00, E8, FB, 13, 00, 00, B8, 16, 00, 00, 00, 48, 8B, 5C, 24, 40, 48, 8B, 74, 24, 48, 48, 83, C4, 30, 5F, C3, 4D, 85, C0, 74, 22, 48...
Entropy:
6.1523

Code size:
920 KB (942,080 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EmsService

Command:
emsservicehelper.exe
