wshelper.exe

Wondershare Studio

Wondershare software CO., LIMITED

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare  (signed by Wondershare software CO., LIMITED)

Product:
Wondershare Studio

Version:
2.3.0.1

MD5:
c3c252991bbbd1eaec56ccab8f996b7f

SHA-1:
a5af6f37a0d774120885fe94730531e172e4705b

SHA-256:
3f251b9b53fa9b5dc6a87e6fcba17c926f0a6566b9be75780fa54cbfcc4ea63d

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/24/2024 1:03:38 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Worm.Runouce-823
0.98/23178

File size:
2 MB (2,087,264 bytes)

Product version:
2.3.0.1

Copyright:
Copyright (c) 2014 Wondershare. All rights reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/21/2014 2:00:00 AM

Valid to:
2/22/2016 1:59:59 AM

Subject:
CN="Wondershare software CO., LIMITED", OU=R & D Management, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare software CO., LIMITED", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30DC6C3A7D282A8E5552CEB78E4C075A

File PE Metadata
Compilation timestamp:
9/11/2014 1:10:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1AA428

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, 20, 7F, 5A, 00, E8, 92, F2, E5, FF, 33, C0, 55, 68, E3, A5, 5A, 00, 64, FF, 30, 64, 89, 20, E8, F7, D9, FF, FF, A1, B0, A8, 5B, 00, 8B, 00, E8, 1F, 47, E6, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, F5, 90, E5, FF, 8B, 45, E8, 8D, 55, EC, E8, 16, 4D, E6, FF, 8D, 45, EC, BA, FC, A5, 5A, 00, E8, BD, C7, E5, FF, 8B, 4D, EC, B2, 01, A1, 48, 71, 4C, 00, E8, 26, 0C, F2, FF, 8B, 15, 2C, A2, 5B, 00, 89, 02, E8, CD...
 
[+]

Entropy:
6.5830

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,740,800 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security