» EmsServiceHelper.exe
Overview
Analysis
File Details
Behaviors (1)

EmsServiceHelper.exe

Dell Data Protection Encryption

Dell Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EmsService’.

File name:

EmsServiceHelper.exe

Publisher:

Dell Inc. (signed by Dell Inc)

Product:

Dell Data Protection Encryption

Description:

External Media Encryption Service Helper.

Version:

8.12.0.26

MD5:

d2db1c498613d9996556ab4a6aff0c32

SHA-1:

f81889e09bb7891daee7bb3c9918e1909aa03bae

SHA-256:

3bf3787aa4a157d788ce42bb1c9f2046f042c37bf7756a259e9dc0652f86a669

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 1:57:03 AM UTC (today)

File size:

3.2 MB (3,352,800 bytes)

Product version:

8.12.0.26

Trademarks:

Dell Data Protection | Encryption is a trademark of Dell Inc. All other trademarks used herein are the property of their respective owners and are us

Original file name:

EmsServiceHelper.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\dell\dell data protection\encryption\emsservicehelper.exe

Digital Signature

Signed by:

Dell Inc

Authority:

DigiCert Inc

Valid from:

12/9/2015 5:30:00 AM

Valid to:

10/24/2018 5:30:00 PM

Subject:

CN=Dell Inc, O=Dell Inc, L=Plano, S=Texas, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

045F515B5B51F0B557E6AE99F4EABCD4

File PE Metadata

Compilation timestamp:

1/17/2017 5:42:20 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0x1942AC

Entry point:

48, 83, EC, 28, E8, 57, 95, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 4C, 8B, D9, 4C, 8B, D2, 49, 83, F8, 10, 0F, 86, A9, 00, 00, 00, 48, 2B, D1, 73, 0F, 49, 8B, C2, 49, 03, C0, 48, 3B, C8, 0F, 8C, 46, 03, 00, 00, 0F, BA, 25, 24, 86, 11, 00, 01, 73, 13, 57, 56, 48, 8B, F9, 49, 8B, F2, 49, 8B, C8, F3, A4, 5E, 5F, 49, 8B, C3, C3, F6, C1, 07, 74, 36, F6, C1, 01, 74, 0B, 8A, 04, 0A, 49, FF, C8, 88, 01, 48, FF, C1, F6, C1, 02, 74, 0F, 66... 
[+]

Entropy:

6.0529

Code size:

1.9 MB (1,975,296 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

EmsService

Command:

C:\Program Files\dell\dell data protection\encryption\emsservicehelper.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.