wshelper.exe

Wondershare Studio

Wondershare Software Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare  (signed by Wondershare Software Co., Ltd. )

Product:
Wondershare Studio

Version:
2.0.2.0

MD5:
a31cff26b3a73baa93dd59bd062ffee3

SHA-1:
a6f298fdf39de2b3517960b9c4bb92c33066b262

SHA-256:
a7699764d5cd19c1e5a5013d84da191773c3b9c1fcd5afb133627bab014e9cf4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 1:16:28 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

File size:
1.7 MB (1,743,136 bytes)

Product version:
1.2.5.30

Copyright:
Copyright (c) 2012 Wondershare Software All Rights Reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/22/2011 2:00:00 AM

Valid to:
9/21/2013 1:59:59 AM

Subject:
CN="Wondershare Software Co., Ltd. ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare Software Co., Ltd. ", L=shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2649593DC86804A0829FE1CFC970097B

File PE Metadata
Compilation timestamp:
5/29/2013 5:46:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:06Nl36Mw//cUiEF+G4P+Fff+bSFEcVcjLuwRzMO4WmAw7BF2xLBsKheLEj8nPOHN:g0lwrVCj+rfPOH8TgT/TyY

Entry address:
0x15F06C

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, A8, CF, 55, 00, E8, 82, A2, EA, FF, 33, C0, 55, 68, 27, F2, 55, 00, 64, FF, 30, 64, 89, 20, E8, 4F, DE, FF, FF, A1, CC, E0, 56, 00, 8B, 00, E8, 73, F6, EA, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, A1, 44, EA, FF, 8B, 45, E8, 8D, 55, EC, E8, 6A, FC, EA, FF, 8D, 45, EC, BA, 40, F2, 55, 00, E8, E9, 79, EA, FF, 8B, 4D, EC, B2, 01, A1, 3C, 57, 4C, 00, E8, 7A, 9B, F6, FF, 8B, 15, 14, DC, 56, 00, 89, 02, E8, 25...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,432,064 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security