home

EmotiplusHelper.exe

EMOTIPLUS

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘EmotiplusHelper’.
Publisher:
EMOTIPLUS  (signed and verified)

Product:
Emotiplus

Description:
Emotiplus Helper

Version:
1.1.9.0

MD5:
bd9b7e231d86a2511be4e45a7fca0125

SHA-1:
700679daec8dd38975f57976d9b2423030c60db1

SHA-256:
16cf2c6577a5b2bc9df8246c48983c2caa5be677ff459ca51385cbb122e769bb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 11:48:20 AM UTC  (today)

File size:
213.9 KB (219,032 bytes)

Product version:
1.1.9.0

Copyright:
Copyright (C) 2017 Emotiplus

Original file name:
EmotiplusHelper.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\emotiplushelper\emotiplushelper.exe

Digital Signature
Signed by:
EMOTIPLUS

Authority:
VeriSign, Inc.

Valid from:
2/10/2016 4:00:00 PM

Valid to:
2/10/2018 3:59:59 PM

Subject:
CN=EMOTIPLUS, O=EMOTIPLUS, L=CASABLANCA, S=CASABLANCA, C=MA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3DCB742EA9E6E0E1F7FB8FC430929EE7

File PE Metadata
Compilation timestamp:
1/31/2017 4:43:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x411D

Entry point:
00, 8B, C0, FF, 25, 0C, 52, 41, 00, 8B, C0, FF, 25, 08, 52, 41, 00, 8B, C0, FF, 25, 04, 52, 41, 00, 8B, C0, FF, 25, 00, 52, 41, 00, 8B, C0, FF, 25, FC, 51, 41, 00, 8B, C0, FF, 25, F8, 51, 41, 00, 8B, C0, FF, 25, F4, 51, 41, 00, 8B, C0, FF, 25, 44, 52, 41, 00, 8B, C0, FF, 25, 40, 52, 41, 00, 8B, C0, FF, 25, 3C, 52, 41, 00, 8B, C0, FF, 25, 38, 52, 41, 00, 8B, C0, FF, 25, 34, 52, 41, 00, 8B, C0, FF, 25, 30, 52, 41, 00, 8B, C0, FF, 25, 2C, 52, 41, 00, 8B, C0, FF, 25, 28, 52, 41, 00, 8B, C0, 33, C9, E8, C1, E4...
 
[+]

Entropy:
6.3686

Code size:
66 KB (67,584 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EmotiplusHelper

Command:
"C:\users\{user}\appdata\local\emotiplushelper\emotiplushelper.exe"


Scan EmotiplusHelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.