home

wshelper.exe

Wondershare Studio

Wondershare

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare

Product:
Wondershare Studio

Version:
1.2.2.20

MD5:
9c2078437d6fc541bd268ba903f6aeb4

SHA-1:
76b1049f24b2178c3b7e3bda01fb437d7bbff9d2

SHA-256:
cb622e82c65e0e4e9e52381beaab784ab6a3893be34476d69b89f012cc1ac3c9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 9:39:51 AM UTC  (today)

File size:
1.6 MB (1,679,360 bytes)

Product version:
1.2.1.18

Copyright:
Copyright (c) 2011 Wondershare Software All Rights Reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

File PE Metadata
Compilation timestamp:
2/28/2012 7:42:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:/TM6uSc7QeyFdR0lEZ+rxYGp5TV/SOAkWbdXc2WmAgTFsE7h15/Sd/NRCtBeTIbq:PQDVwbpHWqiTsTXU3

Entry address:
0x153054

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, 24, 16, 55, 00, E8, 9A, 62, EB, FF, 33, C0, 55, 68, F8, 31, 55, 00, 64, FF, 30, 64, 89, 20, E8, E3, E4, FF, FF, 8D, 55, E8, 33, C0, E8, CD, 04, EB, FF, 8B, 45, E8, 8D, 55, EC, E8, 56, BC, EB, FF, 8D, 45, EC, BA, 10, 32, 55, 00, E8, 15, 3A, EB, FF, 8B, 4D, EC, B2, 01, A1, E4, 56, 4C, 00, E8, AE, 62, F7, FF, 8B, 15, F4, 1A, 56, 00, 89, 02, E8, CD, E2, FF, FF, 84, C0, 0F, 85, FF, 00, 00, 00, A1, 7C, 1E, 56, 00, 8B, 00, E8, 81...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,384,448 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.