home

wshelper.exe

Wondershare Studio

Wondershare software CO., LIMITED

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Wondershare Helper Compact.exe’.
Publisher:
Wondershare  (signed by Wondershare software CO., LIMITED)

Product:
Wondershare Studio

Version:
2.3.0.1

MD5:
3e4e283f8ca3ba2cad28f8a54f2dd83b

SHA-1:
eed96552aea47cc8d58ddd06ebc2aeb2128d3285

SHA-256:
bc5d439888d22ea75b7e446389e6b2a86a80ed0d4d3ca6c85fd3de5372922672

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 9:18:47 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Worm.Runouce-823
0.98/23205

Dr.Web
Win32.HLLP.Neshta
9.0.1.05190

File size:
2.1 MB (2,253,152 bytes)

Product version:
2.3.0.1

Copyright:
Copyright (c) 2014 Wondershare. All rights reserved

Trademarks:
Wondershare

Original file name:
Wondershare Studio

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe

Digital Signature
Signed by:
Wondershare software CO., LIMITED

Authority:
VeriSign, Inc.

Valid from:
2/21/2014 3:00:00 AM

Valid to:
2/22/2016 2:59:59 AM

Subject:
CN="Wondershare software CO., LIMITED", OU=R & D Management, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wondershare software CO., LIMITED", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30DC6C3A7D282A8E5552CEB78E4C075A

File PE Metadata
Compilation timestamp:
9/11/2014 1:10:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1AA428

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, 20, 7F, 5A, 00, E8, 92, F2, E5, FF, 33, C0, 55, 68, E3, A5, 5A, 00, 64, FF, 30, 64, 89, 20, E8, F7, D9, FF, FF, A1, B0, A8, 5B, 00, 8B, 00, E8, 1F, 47, E6, FF, 84, C0, 0F, 84, 48, 01, 00, 00, 8D, 55, E8, 33, C0, E8, F5, 90, E5, FF, 8B, 45, E8, 8D, 55, EC, E8, 16, 4D, E6, FF, 8D, 45, EC, BA, FC, A5, 5A, 00, E8, BD, C7, E5, FF, 8B, 4D, EC, B2, 01, A1, 48, 71, 4C, 00, E8, 26, 0C, F2, FF, 8B, 15, 2C, A2, 5B, 00, 89, 02, E8, CD...
 
[+]

Entropy:
6.5935

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,740,800 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wondershare Helper Compact.exe

Command:
C:\Program Files\common files\wondershare\wondershare helper compact\wshelper.exe


Scan wshelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.