» wandoujia_helper.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

wandoujia_helper.exe

Wandou Technology Ltd

This is installed with SnapPea.

File name:

Publisher:

Wandou Technology Ltd (signed and verified)

MD5:

27d920b1fd2fc808fbe88a8bbaf53f9c

SHA-1:

d065b4d36036fcf999e3d5dbbe8cf86e8c84cbd2

SHA-256:

c87aa2171b2f658cc467513f3a99b6fc27e9173ce6cc83a405aa88a2c496c23f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 10:30:58 AM UTC (today)

File size:

252.9 KB (258,944 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\wandoujia2\applications\2.69.0.5457\wandoujia_helper.exe

Digital Signature

Signed by:

Wandou Technology Ltd

Authority:

VeriSign, Inc.

Valid from:

4/3/2013 7:00:00 AM

Valid to:

6/3/2015 6:59:59 AM

Subject:

CN=Wandou Technology Ltd, OU=Wandou Technology Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Wandou Technology Ltd, L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

741000F601812EB36CC3659E15D61689

File PE Metadata

Compilation timestamp:

1/11/2014 2:18:35 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:tZ/+3GqA4W2prtAHL875RSSwFY2pvhjosyWSe3fhp:rWo43prtAHU5RSSw2iz

Entry address:

0x13EED

Entry point:

E8, 67, 86, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 5B, 3F, 41, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, D3, 3B, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D... 
[+]

Code size:

159.5 KB (163,328 bytes)

User Start Menu Item

Name:

wandoujia_helper.exe

The file wandoujia_helper.exe has been discovered within the following program.

SnapPea by Wandou Labs

The software currently distributes the app through the OpenCandy monetization platform which is known to distribute adware.

snappea.com

25% remove it

Scan wandoujia_helper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.