helpmanager.exe

GPS Module

GPS Safety

This is a setup program used to install the application. It is configured to start automatically when a user logs in to Windows, through the current-user Run registry key, under the display name ‘PluginContains’. The file has been seen being downloaded from rh-softwarevizual.com.
Publisher:
GPS Safety

Product:
GPS Module

Description:
Module GPS ®

Version:
2.3.8.27

MD5:
985a6cd0dae41f5affb6fd092cc523bb

SHA-1:
d9b44dc930d17a8bcdd4aab010e83a5dbca8ebf4

SHA-256:
be1f0d49992be7dbb81f82c1ae7350edc61ff295af2899aed9b2cda7671f9494

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:21:01 PM UTC

File size:
5.5 MB (5,797,376 bytes)

Product version:
2.3.8.0

Copyright:
GPS Safety ®

Original file name:
GPService

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\helpmanager.exe

File PE Metadata
Compilation timestamp:
3/18/2016 3:57:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:5JWShTNsdRmm2glYIxZhdedUb2oS0+H7DGSdovLDLpS8WUBYUBJgNv0FtSYhkAIB:5JWShBsrSIhhb2zH3dQTLHBLBqv0/Smf

Entry address:
0x7526F3

Entry point:
9C, E8, 3B, 1E, 01, 00, 99, A8, A3, B6, 86, B8, 9B, ED, FD, 76, D7, 1A, A8, C1, 56, 79, 0B, 70, 05, 24, B6, 1B, 47, 5A, BB, D6, 64, 9D, 32, 61, F3, 48, DD, E8, 49, 45, F1, 31, EE, 91, E1, 37, 4A, 5D, F2, 35, EE, D2, FF, 6D, CC, 95, EE, 31, 4F, 38, B0, E2, 0D, 7A, 08, 51, 0A, 02, 54, 37, 62, 30, B2, 19, 60, 4C, EE, 67, CC, 0B, 9D, B9, 75, E6, D3, 2A, 48, 56, 8D, 60, A6, 85, 35, 6D, 7A, 9C, 79, B8, 08, 58, 37, B4, 13, 6A, B7, D3, 73, F6, 6B, C7, F4, 94, CD, D5, B0, 9F, B9, F5, DF, 11, 2C, FE, 5A, 0D, 4E, BA...

Code size:
3.1 MB (3,210,240 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PluginContains

Command:
C:\users\{user}\appdata\local\helpmanager.exe


The file helpmanager.exe has been seen being distributed by the following URL.
