home

wshelper.exe

Wondershare Studio

Wondershare

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare

Product:
Wondershare Studio

Version:
1.2.5.30

MD5:
669de7ff8447dbca73b96942f025ef8f

SHA-1:
d247a07a73e53acac80d92755836342057f65bda

SHA-256:
d910b81a9dcddd9ffc6124f4c7dd0c752744bafa2c7214b3c88d75001a83cadd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:49:55 AM UTC  (today)

File size:
1.6 MB (1,691,136 bytes)

Product version:
1.2.5.30

Copyright:
Copyright (c) 2012 Wondershare Software All Rights Reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

File PE Metadata
Compilation timestamp:
5/31/2012 11:26:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:7Bl7KjQM99SbalKnpkqHrA2uV3c+FhGuQDWmAgmlGgQGYVj/kw//02YnBYBGTX82:tSlPPi/pYnNTMTkIAl

Entry address:
0x156054

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, A4, 3A, 55, 00, E8, 9A, 32, EB, FF, 33, C0, 55, 68, 0C, 62, 55, 00, 64, FF, 30, 64, 89, 20, E8, 63, D9, FF, FF, A1, A0, 4F, 56, 00, 8B, 00, E8, 7B, 86, EB, FF, 84, C0, 0F, 84, 45, 01, 00, 00, 8D, 55, E8, 33, C0, E8, B9, D4, EA, FF, 8B, 45, E8, 8D, 55, EC, E8, 72, 8C, EB, FF, 8D, 45, EC, BA, 24, 62, 55, 00, E8, 01, 0A, EB, FF, 8B, 4D, EC, B2, 01, A1, B8, 55, 4C, 00, E8, EE, 2B, F7, FF, 8B, 15, F4, 4A, 56, 00, 89, 02, E8, 39...
 
[+]

Entropy:
6.6046

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,394,176 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.