helpmanager.exe

GPS Module

GPS Safety

This is a setup program used to install the application. It is configured to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘PluginContains’. The file has been seen being downloaded from curiosidadesnews.com.br and multiple other hosts.

Publisher:
GPS Safety

Product:
GPS Module

Description:
Module GPS ®

Version:
2.3.8.27

MD5:
34c321857a5dedd0de23536c82fc6a8d

SHA-1:
2c6d79adb7c93affea88269166660b56f4e5c68d

SHA-256:
eab4dfcddf99c90200c02d5d97cf1f07c8b155c181b1549163e005e2a22f5e99

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/15/2025 3:58:50 PM UTC

File size:
5.5 MB (5,752,832 bytes)

Product version:
2.3.8.0

Copyright:
GPS Safety ®

Original file name:
GPService

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\helpmanager.exe

File PE Metadata
Compilation timestamp:
5/2/2016 1:24:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:YjI8IpCNalQb/rY3alBk7FlcXe4o1K95ulhGCpT4gvpXNd3+CFmPNYDQjhw1tBzu:YjI8IpCtrKOW7FlcO4fj3CJ/X+lPNYsv

Entry address:
0x8D3890

Entry point:
9C, E9, 2F, CB, E7, FF, B9, 47, A1, 3E, C0, 75, 77, 2C, 7A, 83, D0, C5, BD, 35, FB, AE, 7A, 44, B6, 29, C3, 86, 5C, C3, 2D, A2, 70, EF, 15, BA, 5E, 7E, A0, 3F, F1, 6E, 92, 82, 64, C5, C7, 98, 72, BE, 0E, 0C, 38, 72, F9, 9B, 3D, CB, BE, 58, C1, 3E, BF, 83, 16, 71, 31, 83, 81, DC, 21, C7, 5C, 62, D1, 3F, CD, 75, 58, 53, A3, 76, 57, DD, 2E, C0, 32, E4, DE, 56, 2A, 2B, C0, 2E, 9B, BB, 56, A5, 53, C6, 50, E2, 7A, A5, CE, 6D, 64, CE, 1C, 31, 35, 77, 8A, 6C, 31, CD, BE, 14, E6, B3, A6, 48, BB, E0, 12, 7E, 4F, 58...
 

Code size:
3.1 MB (3,209,728 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PluginContains

Command:
C:\users\{user}\appdata\local\helpmanager.exe


The file helpmanager.exe has been seen being distributed by the following 2 URLs.
