home

wshelper.exe

Wondershare Studio

Wondershare Software Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare  (signed by Wondershare Software Co., Ltd. )

Product:
Wondershare Studio

Version:
2.0.3.0

MD5:
52ea6c0c8a124bfb1065482392c8e1f5

SHA-1:
0d26d3f51cec864847d0bc4a58cb443433104e76

SHA-256:
d1ea58bfc576db5b1bf52abfc92512930f6deb846f4cefa257202fc48263511f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 5:31:13 PM UTC  (today)

File size:
1.7 MB (1,743,648 bytes)

Product version:
1.2.5.30

Copyright:
Copyright (c) 2012 Wondershare Software All Rights Reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Signed by:
Wondershare Software Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
8/22/2011 2:00:00 AM

Valid to:
9/21/2013 1:59:59 AM

Subject:
CN="Wondershare Software Co., Ltd. ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare Software Co., Ltd. ", L=shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2649593DC86804A0829FE1CFC970097B

File PE Metadata
Compilation timestamp:
6/13/2013 8:15:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:f6Nl36Mw//cUiEF+G4P+Fff+bSFEcVcjLuwRzMO4WmAw7BF2xLBsKheLEjRn3Xdh:H0lwrVCj+rInYTgT/ey/

Entry address:
0x15F06C

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, 78, D0, 55, 00, E8, 82, A2, EA, FF, 33, C0, 55, 68, 27, F2, 55, 00, 64, FF, 30, 64, 89, 20, E8, 1F, DF, FF, FF, A1, CC, E0, 56, 00, 8B, 00, E8, 73, F6, EA, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, A1, 44, EA, FF, 8B, 45, E8, 8D, 55, EC, E8, 6A, FC, EA, FF, 8D, 45, EC, BA, 40, F2, 55, 00, E8, E9, 79, EA, FF, 8B, 4D, EC, B2, 01, A1, 3C, 57, 4C, 00, E8, 7A, 9B, F6, FF, 8B, 15, 14, DC, 56, 00, 89, 02, E8, F5...
 
[+]

Entropy:
6.6091

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,432,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.