» wirehelpsvc.exe
Overview
Analysis
File Details
Behaviors (1)

wirehelpsvc.exe

Turtle Entertainment GmbH

It runs as a separate (within the context of its own process) windows Service named “WireHelpSvc”.

File name:

wirehelpsvc.exe

Publisher:

Turtle Entertainment GmbH (signed and verified)

MD5:

ee5619c43cb3940a4471bd7596b04b7a

SHA-1:

b642c211c90b1f262f5a0532ec0dc0365cd3e5bb

SHA-256:

a2f20252253a3a851d2cbe86255f39c183221b211178d26bc6797baa70a83b77

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 12:25:02 AM UTC (today)

Scan engine

Detection

Engine version

McAfee

Generic Obfuscated.c

5600.7245

Trend Micro House Call

TROJ_GEN.F47V0802

7.2.20

File size:

164.9 KB (168,864 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\common files\wirehelpsvc.exe

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

11/26/2009 11:18:03 AM

Valid to:

11/27/2011 11:18:00 AM

Subject:

CN=Turtle Entertainment GmbH, OU=Desktop Software Development, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012530204B6F

File PE Metadata

Compilation timestamp:

7/15/2011 12:39:56 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

3072:d9IBF4FOimTYfvCSTYyLsIeOqEkxFckNgWzJlOP+sDolgFb9m:3IB6Fnf6prOqE0JlOPHm

Entry address:

0x44C29

Entry point:

E9, 80, AD, FF, FF, E9, 96, D1, FF, FF, 0F, 85, AB, AC, FF, FF, F8, 18, E5, C6, 47, FF, 00, 0F, 99, C0, 66, F7, D9, 48, 89, D9, 66, 0F, BA, F8, 0A, 66, F7, D0, 48, 81, EC, 20, 00, 00, 00, 66, 0F, BE, C2, 48, 8D, 05, 4A, AC, FF, FF, E9, 3B, F7, FF, FF, 0F, 87, 76, AC, FF, FF, E9, 4D, FE, FF, FF, 68, EB, 86, 4B, C7, E9, 83, 4B, 00, 00, 0F, 87, 87, DE, FF, FF, 3C, BB, E9, 6B, 1D, 00, 00, 0F, BA, E5, 17, E9, 53, FE, FF, FF, 0F, 84, D5, CB, FF, FF, 66, 0F, A3, EA, 2C, 30, F5, 0F, 8D, 01, F9, FF, FF, F9, 3C, 09... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

45 KB (46,080 bytes)

Service

Display name:

WireHelpSvc

Type:

Win32OwnProcess

Scan wirehelpsvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.