rmhelper.exe

Rich Media Helper

Radiocom

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Rich Media Helper’.
Publisher:
Radiocom

Product:
Rich Media Helper

Version:
2.4.4.1383

MD5:
6d5852878a01796151e28975934b99a8

SHA-1:
cbbfd7d092a0c9ee0777db67aaa5d5e20f5fb1b6

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/25/2024 7:32:11 AM UTC  (today)

Scan engine:
Qihoo 360 Security

Detection:
HEUR/QVM17.0.Malware.Gen

Engine version:
1.0.0.1015

File size:
740 KB (757,760 bytes)

Product version:
2.4.2.0

Copyright:
Copyright (C) Radiocom

Original file name:
rmhelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\rich media player\data\rmhelper.exe

File PE Metadata
Compilation timestamp:
6/8/2015 11:35:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:rNG+qxykI3pq3FhG5Po9vItlBYTQCXUP+gmboeMxWrZ8sXnM8BsvSR:rU+qx/IA3FI5WvyBqDUWgmbzMArZ/M0R

Entry address:
0x1000

Entry point:
B8, BC, 6F, 64, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 3A, 38, 6B, 9F, D2, 54, E6, C7, F2, 5C, 3F, CE, 8F, 66, 58, 90, 94, 19, 63, 46, 03, C9, 6A, DE, 80, 0C, AD, EB, E9, 1E, 28, B9, 19, D0, C6, 8B, 7E, 50, A1, 87, DC, BC, 02, 94, 3D, 6A, C3, 71, 45, 63, 12, C4, 3C, 05, 0D, 50, D1, E6, 76, B7, 7B, A6, CE, E6, 94, 7B, FA, 9A, 42, 26, 72, 48, EA, B9, 87, 04, F3, A5, E3, 22, 21, 26, 94, 41, F7, 3A, 49, F9, 8F, 7F, 17, 18, DD...
 

Packer / compiler:
PECompact v2

Code size:
1.4 MB (1,479,168 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Rich Media Helper

Command:
C:\Documents and Settings\{user}\Application data\rich media player\data\rmhelper.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-23-21-223-72.compute-1.amazonaws.com  (23.21.223.72:80)

TCP (HTTP):
Connects to br-2.srvhost.com.br  (177.234.151.42:80)
