wshelper.exe

Wondershare Studio

Wondershare software CO., LIMITED

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare  (signed by Wondershare software CO., LIMITED)

Product:
Wondershare Studio

Version:
2.3.0.1

MD5:
cd90e0b5d590ae4d065a6921d2470650

SHA-1:
1253cb63cc829aec24d7a5ba50d4e2d89f84e0d3

SHA-256:
44aef0fb06947ac6a0b35219e3160e85840b66260e5072d863de4196bea3e7a2

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/24/2024 11:57:56 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Worm.Runouce-823
0.98/23189

File size:
2 MB (2,087,264 bytes)

Product version:
2.3.0.1

Copyright:
Copyright (c) 2014 Wondershare. All rights reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/21/2014 6:00:00 AM

Valid to:
2/22/2016 5:59:59 AM

Subject:
CN="Wondershare software CO., LIMITED", OU=R & D Management, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare software CO., LIMITED", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30DC6C3A7D282A8E5552CEB78E4C075A

File PE Metadata
Compilation timestamp:
9/11/2014 4:10:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1AA428

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, 20, 7F, 5A, 00, E8, 92, F2, E5, FF, 33, C0, 55, 68, E3, A5, 5A, 00, 64, FF, 30, 64, 89, 20, E8, F7, D9, FF, FF, A1, B0, A8, 5B, 00, 8B, 00, E8, 1F, 47, E6, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, F5, 90, E5, FF, 8B, 45, E8, 8D, 55, EC, E8, 16, 4D, E6, FF, 8D, 45, EC, BA, FC, A5, 5A, 00, E8, BD, C7, E5, FF, 8B, 4D, EC, B2, 01, A1, 48, 71, 4C, 00, E8, 26, 0C, F2, FF, 8B, 15, 2C, A2, 5B, 00, 89, 02, E8, CD...
 
[+]

Entropy:
6.5830

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,740,800 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security