home

wshelper.exe

Wondershare Studio

Wondershare Software Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Wondershare Helper Compact’.
Publisher:
Wondershare  (signed by Wondershare Software Co., Ltd. )

Product:
Wondershare Studio

Version:
2.1.0.6

MD5:
aabf93f351e17ea4d42ee028a905af45

SHA-1:
edeab3398552e67e3a9eb450f91fd6b87917b132

SHA-256:
e9f26573af7c02240f4c587f4c6003761268697d07a3098df3cd03c5749c06b2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 9:43:38 AM UTC  (today)

File size:
1.9 MB (1,985,824 bytes)

Product version:
1.2.5.30

Copyright:
Copyright (c) 2012 Wondershare Software All Rights Reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Signed by:
Wondershare Software Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
8/21/2011 8:00:00 PM

Valid to:
9/20/2013 7:59:59 PM

Subject:
CN="Wondershare Software Co., Ltd. ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare Software Co., Ltd. ", L=shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2649593DC86804A0829FE1CFC970097B

File PE Metadata
Compilation timestamp:
7/25/2013 5:46:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Bl9+y5acaBzvnhKid1lRPXv7Cctk/GmjepoDFCWmAfwZtErgQoaA1Kq/MX/6Qs5t:knhzfV4SfRkKy4VuTdTmgWxX

Entry address:
0x19340C

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, D0, 0B, 59, 00, E8, 26, 5F, E7, FF, 33, C0, 55, 68, C7, 35, 59, 00, 64, FF, 30, 64, 89, 20, E8, D7, D6, FF, FF, A1, D4, 36, 5A, 00, 8B, 00, E8, AB, B3, E7, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, 11, 01, E7, FF, 8B, 45, E8, 8D, 55, EC, E8, A2, B9, E7, FF, 8D, 45, EC, BA, E0, 35, 59, 00, E8, 8D, 36, E7, FF, 8B, 4D, EC, B2, 01, A1, 38, 64, 4C, 00, E8, 6E, 67, F3, FF, 8B, 15, 5C, 30, 5A, 00, 89, 02, E8, AD...
 
[+]

Entropy:
6.5859

Developed / compiled with:
Microsoft Visual C++

Code size:
1.6 MB (1,645,568 bytes)

2 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact

Command:
"C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe"

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WSHelperSetup.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


3 Startup Files (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact

Command:
"C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe"

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WSHelperSetup.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.