helpmng.exe

GPS Module

GPS Safety

This is a setup program used to install the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘PluginContains’. The file has been observed being downloaded from rh-softwarevizual.com.

Publisher:
GPS Safety

Product:
GPS Module

Description:
Module GPS ®

Version:
2.3.8.27

MD5:
5e3b3da76edbadc03fafe4f1c67055d2

SHA-1:
72f6d4ced51ccd8b851a28310c7d470718d42333

SHA-256:
da9ca9b35bad3ccdb12b465ca1d3805d2ada2bda8316a989e63d5b111bd17fa7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:23:44 PM UTC

File size:
5.5 MB (5,817,344 bytes)

Product version:
2.3.8.0

Copyright:
GPS Safety ®

Original file name:
GPService

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\helpmng.exe

File PE Metadata
Compilation timestamp:
5/2/2016 1:32:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:d9z3WgKQSX67FB1FQfSrcuKUgGoq6vyOESJeQKWXBMmb/mjtw1MHap2V5/rY3al9:d9zoQw6Xj8QchGoqODESY9gNmjtw1M10

Entry address:
0xB97783

Entry point:
68, C6, 48, 21, 74, E8, DA, A7, 00, 00, 7F, 8E, 6E, B9, 45, FD, 9C, 43, 94, 95, 56, C3, EC, 3B, EC, 51, 6A, BD, 70, 72, 27, 4B, AC, C1, FA, 15, 78, E6, 9B, 93, CC, 17, 7A, DC, 2B, 61, C5, 59, BC, D1, 80, 84, D5, 54, 99, 11, 1C, 04, 13, 97, F4, 48, DD, 98, B1, 34, AA, D2, FF, FD, B7, A9, A9, F9, D2, 56, EB, 47, 4A, 72, CC, AC, 51, DF, 69, D6, 2D, 64, BF, F2, 81, 62, 23, 3E, 51, A9, DD, 1C, EB, 86, 3E, 5C, E9, DF, 0A, AA, 40, C0, B4, CD, 7A, 8B, 10, F3, C6, 8B, DB, BC, 3B, F2, 88, D6, 44, A9, 64, 80, 1F, 33...
Code size:
3.1 MB (3,209,728 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PluginContains

Command:
C:\users\{user}\appdata\local\helpmng.exe


The file helpmng.exe has been seen being distributed by the following URL.
