home

wshelper.exe

Wondershare Studio

Wondershare Software Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare  (signed by Wondershare Software Co., Ltd. )

Product:
Wondershare Studio

Version:
2.1.1.2

MD5:
d235eaf46ae3e22a2f56b050d1b369b5

SHA-1:
cf15b39ec263704ba5eaa6ebf460a7d6fef45ae5

SHA-256:
3a68559f5de8a2186af18950af36d5e59bcd1a41a621176a021fb7886c08e71c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:48:20 AM UTC  (today)

File size:
1.9 MB (1,989,920 bytes)

Product version:
1.2.5.30

Copyright:
Copyright (c) 2012 Wondershare Software All Rights Reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Signed by:
Wondershare Software Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
8/22/2011 2:00:00 AM

Valid to:
9/21/2013 1:59:59 AM

Subject:
CN="Wondershare Software Co., Ltd. ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare Software Co., Ltd. ", L=shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2649593DC86804A0829FE1CFC970097B

File PE Metadata
Compilation timestamp:
8/26/2013 8:32:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:W9OMDx5155/0fMUvpetbMixuAyVgZj4z2+mzmCz25WmAbacQTMLvHEF08iFCHsRp:WU8HDu8ddomdGutQvWTTTb4Du

Entry address:
0x19440C

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, B8, 19, 59, 00, E8, 26, 4F, E7, FF, 33, C0, 55, 68, C7, 45, 59, 00, 64, FF, 30, 64, 89, 20, E8, BF, D4, FF, FF, A1, C8, 46, 5A, 00, 8B, 00, E8, A3, A3, E7, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, 11, F1, E6, FF, 8B, 45, E8, 8D, 55, EC, E8, 9A, A9, E7, FF, 8D, 45, EC, BA, E0, 45, 59, 00, E8, 8D, 26, E7, FF, 8B, 4D, EC, B2, 01, A1, EC, 64, 4C, 00, E8, 9A, 58, F3, FF, 8B, 15, 58, 40, 5A, 00, 89, 02, E8, 95...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.6 MB (1,649,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.