edhelper64.exe

Desk 365

Taiwan Shui Mu Chih Ching Technology Limited

The application edhelper64.exe, “Desk 365 helper application” by Taiwan Shui Mu Chih Ching Technology Limited, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Taiwan Shui Mu Chih Ching Technology Limited.  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
Desk 365

Description:
Desk 365 helper application

Version:
1.4.17.7189

MD5:
bdb6f81f290ec3b8c67a9b21ac43f6ad

SHA-1:
41e6c20793a3c99baeb79da26ed857c4deb5ca40

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/10/2024 8:02:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Thinknice.TaiwanShuiMuChihChingTechnology (M)

Engine version:
16.1.18.20

File size:
191.2 KB (195,752 bytes)

Product version:
1.4.17.7189

Copyright:
Copyright (C) 2012

Original file name:
edhelper.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\deskplus\edhelper64.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/13/2013 4:15:13 AM

Valid to:
3/14/2014 4:15:13 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=新北, S=台湾, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121243D90C81CD8FEC70E99813154FB6459

File PE Metadata
Compilation timestamp:
5/17/2013 10:01:38 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:XSkCjaKk5zBo3FTenII5e0uhD9plNoYPDDnqMe2GXjvg+jBDNgnfsMYAIsd4sYWz:XtCOeFTenII5wDDBrDnre2GXjvg+jlNE

Entry address:
0x4CA0

Entry point:
48, 83, EC, 28, E8, 47, 2F, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, 78, E2, 00, 00, 33, D2, FF, 15, 98, 74, 00, 00, 85, C0, 75, 17, E8, 67, 07, 00, 00, 48, 8B, D8, FF, 15, 7E, 73, 00, 00, 8B, C8, E8, 0F, 07, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 49, 83, F8, 08, 72, 53, 0F, B6, D2, 49, B9, 01, 01...
 

Code size:
43 KB (44,032 bytes)
