WHelp.EXE

WHelp

WooJung ITS

The application WHelp.EXE by WooJung ITS has been detected as a potentially unwanted program by 20 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
WooJung ITS Corp.  (signed by WooJung ITS)

Product:
WHelp

Version:
1, 0, 0, 1

MD5:
1cf151adda115ad868f2dc0bb5c4ea8e

SHA-1:
68657604b5337cf58d6df265f34ac60fe11ef77f

SHA-256:
209520c0450bb1e5da2eb01ae34f1e16b8af027915a13db3f4c76d5daec04fc1

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 8:50:55 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Kraddare | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.WHelp | 2015.05.15 |
| Avira AntiVirus | TR/Injector.TA | 8.3.1.6 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150718 |
| AVG | Downloader | 2016.0.3045 |
| Baidu Antivirus | Adware.Win32.Kraddare | 4.0.3.15718 |
| Comodo Security | UnclassifiedMalware | 22124 |
| ESET NOD32 | Win32/Adware.Kraddare.GN (variant) | 9.11630 |
| Fortinet FortiGate | Riskware/Kraddare | 7/18/2015 |
| F-Prot | W32/WHelp.A | v6.4.7.1.166 |
| IKARUS anti.virus | Trojan.Injector | t3scan.1.8.9.0 |
| Malwarebytes | Adware.WHelp | v2015.07.18.06 |
| McAfee | Artemis!1CF151ADDA11 | 5600.6701 |
| Qihoo 360 Security | HEUR/Malware.QVM07.Gen | 1.0.0.1015 |
| Sophos | Generic PUA GI | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FraudScan | 9746 |
| Trend Micro House Call | ADW_KRADDARE | 7.2.199 |
| Trend Micro | ADW_KRADDARE | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40248 |
| ViRobot | Adware.WHelp.51280[h] | 2014.3.20.0 |

File size:
50.1 KB (51,280 bytes)

Product version:
1, 0, 0, 1

Copyright:
(c) WooJung ITS. All rights reserved.

Original file name:
WHelp.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\whelp\whelp.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/11/2012 9:00:00 AM

Valid to:
5/12/2013 8:59:59 AM

Subject:
CN=WooJung ITS, O=WooJung ITS, L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F9271CF4DE60DE37A832FF7C03AA9DE

File PE Metadata
Compilation timestamp:
5/8/2012 10:05:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:OTBkjxlR4GElcJB8SN/2SYuyBa4QZG18WZcqHngbrm/nnPMV3YJLUfueaq:OFCl2llcJv/yw4VHZcAnyrMnnP4WLU8q

Entry address:
0x3C0C

Entry point:
55, 8B, EC, 6A, FF, 68, D8, 55, 40, 00, 68, 00, 3C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 68, 52, 40, 00, 59, 83, 0D, 34, 94, 40, 00, FF, 83, 0D, 38, 94, 40, 00, FF, FF, 15, 6C, 52, 40, 00, 8B, 0D, 28, 94, 40, 00, 89, 08, FF, 15, 70, 52, 40, 00, 8B, 0D, 24, 94, 40, 00, 89, 08, A1, 74, 52, 40, 00, 8B, 00, A3, 30, 94, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 30, 93, 40, 00, 75, 0C, 68, 8E, 3D, 40, 00, FF, 15, 78, 52...
 

Entropy:
4.8296

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
16 KB (16,384 bytes)
