SHA256: 9b5f85fb164d177a24a521df6a9515f1dfb502d1b83581d37dae8ac3f1ad9010
File name: Wondershare Studio
Detection ratio: 0 / 71
Analysis date: 2019-05-03 15:18:00 UTC (3 weeks ago)
Antivirus Result Update
Acronis 20190501
Ad-Aware 20190503
AegisLab 20190503
AhnLab-V3 20190503
Alibaba 20190426
ALYac 20190503
Antiy-AVL 20190503
Arcabit 20190503
Avast 20190503
Avast-Mobile 20190503
AVG 20190503
Avira (no cloud) 20190503
Babable 20190424
Baidu 20190318
BitDefender 20190503
Bkav 20190503
CAT-QuickHeal 20190503
ClamAV 20190503
CMC 20190321
Comodo 20190503
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190503
Cyren 20190503
DrWeb 20190503
eGambit 20190503
Emsisoft 20190503
Endgame 20190403
ESET-NOD32 20190503
F-Prot 20190503
F-Secure 20190503
FireEye 20190503
Fortinet 20190503
GData 20190503
Ikarus 20190503
Sophos ML 20190313
Jiangmin 20190503
K7AntiVirus 20190503
K7GW 20190503
Kaspersky 20190503
Kingsoft 20190503
Malwarebytes 20190503
MAX 20190503
MaxSecure 20190503
McAfee 20190503
McAfee-GW-Edition 20190502
Microsoft 20190503
eScan 20190503
NANO-Antivirus 20190503
Palo Alto Networks (Known Signatures) 20190503
Panda 20190503
Qihoo-360 20190503
Rising 20190503
SentinelOne (Static ML) 20190420
Sophos AV 20190503
SUPERAntiSpyware 20190430
Symantec Mobile Insight 20190418
TACHYON 20190503
Tencent 20190503
TheHacker 20190430
TotalDefense 20190503
Trapmine 20190325
TrendMicro 20190503
TrendMicro-HouseCall 20190503
Trustlook 20190503
VBA32 20190503
ViRobot 20190503
Webroot 20190503
Yandex 20190501
Zillya 20190503
ZoneAlarm by Check Point 20190503
Zoner 20190503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2017 Wondershare. All rights reserved

Product Wondershare Studio
Original name Wondershare Studio
Internal name Wondershare Studio
File version 2.5.3.1
Description Wondershare Studio
Signature verification Signed file, verified signature
Signing date 2:52 AM 3/23/2017
Signers
[+] Wondershare Technology Co.,Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 02/23/2017
Valid to 11:59 PM 02/23/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DA678EAB92B7B634C6B7EE0382F5AEF60F736EFC
Serial number 5C CA A8 23 69 A2 6A EE 30 D0 17 61 6B 1C EB 69
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for Advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 7D55D8E75A56A2FC738243F7B854875C5CB52A0D
Serial number 11 21 06 F1 0F CE 68 F0 9B FA E5 5B 18 CD 8F 20 01 77
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 08/02/2011
Valid to 10:00 AM 03/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 03/18/2009
Valid to 10:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-23 01:52:18
Entry Point 0x001B2468
Number of sections 9
PE sections
Overlays
MD5 447c9a5be565c2f960a3d93a72ed40d1
File type data
Offset 2119680
Size 13536
Entropy 7.38
PE imports
IsAdmin
createVC
CompareVersion
GetDAQServices
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
GetUserNameW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_SetBkColor
FlatSB_SetScrollInfo
ImageList_SetImageCount
FlatSB_GetScrollInfo
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_Read
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetOpenFileNameW
GetTextMetricsW
SetMapMode
GetWindowOrgEx
GetPaletteEntries
CombineRgn
CopyEnhMetaFileW
SetPixel
IntersectClipRect
OffsetWindowOrgEx
CreateEllipticRgn
CreatePalette
CreateDIBitmap
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
GetCurrentPositionEx
LPtoDP
GetPixel
GetBrushOrgEx
ExcludeClipRect
SetBkMode
OffsetClipRgn
BitBlt
CreateEnhMetaFileW
FrameRgn
CreateBrushIndirect
SelectPalette
ExtSelectClipRgn
GetRegionData
CloseEnhMetaFile
SetROP2
SetDIBColorTable
DeleteObject
CreatePenIndirect
PatBlt
SetStretchBltMode
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
GetObjectW
RealizePalette
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
RoundRect
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPointW
GetTextExtentPoint32W
CreateHalftonePalette
GetRgnBox
SaveDC
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
CreateSolidBrush
CreateDIBSection
SetTextColor
GetClipBox
GetCurrentObject
MoveToEx
SetViewportOrgEx
ExtTextOutW
CreateRoundRectRgn
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
SelectObject
Ellipse
GetStretchBltMode
Polyline
CreateCompatibleBitmap
GdipLoadImageFromStreamICM
GdipGetImageHorizontalResolution
GdipAlloc
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipLoadImageFromFileICM
GdipGetPropertyItemSize
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipSaveGraphics
GdipSetSmoothingMode
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipCreateBitmapFromScan0
GdipGetImageVerticalResolution
GdipGetImagePalette
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipBitmapUnlockBits
GdipImageSelectActiveFrame
GdipGetImageType
GdipSetImagePalette
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImageBounds
GdipGraphicsClear
GdipCreateImageAttributes
GdipSetPixelOffsetMode
GdipImageGetFrameDimensionsList
GdipGetImageEncoders
GdipDisposeImageAttributes
GdipImageGetFrameCount
GdipGetImagePaletteSize
GdipCreateBitmapFromHBITMAP
GdipDrawImageRect
GdipCreateBitmapFromFileICM
GdipLoadImageFromFile
GdiplusShutdown
GdipGetImageWidth
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetPropertyItem
GdipSetInterpolationMode
GdipSaveImageToStream
GdipGetImageFlags
GdipLoadImageFromStream
GdipGetImageRawFormat
GdipGetImageHeight
GdipFree
GdipReleaseDC
GdipSetPageUnit
GdipGetImageGraphicsContext
GdipRestoreGraphics
SetThreadLocale
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FindNextFileA
SignalObjectAndWait
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
EnumSystemLocalesW
LocalAlloc
GetVolumeInformationW
SetErrorMode
GetLogicalDrives
GetLocaleInfoW
GetFileTime
WideCharToMultiByte
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetFullPathNameA
SetEvent
FormatMessageW
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetCurrentThread
SetLastError
DeviceIoControl
InterlockedDecrement
GlobalFindAtomW
WriteProcessMemory
OutputDebugStringW
GetModuleFileNameW
ExitProcess
GetSystemDefaultLCID
RemoveDirectoryA
RaiseException
InterlockedExchangeAdd
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetPrivateProfileStringW
GetModuleHandleA
GlobalMemoryStatus
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
CreateMutexW
MulDiv
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
VirtualQueryEx
CreateEventW
SetEndOfFile
GetVersion
InterlockedIncrement
EnterCriticalSection
LoadLibraryW
GlobalGetAtomNameW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
RtlUnwind
CopyFileW
GlobalSize
GetStartupInfoA
GetFileSize
GetUserDefaultLangID
OpenProcess
DeleteFileA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetTempFileNameW
GetComputerNameW
EnumResourceNamesW
CompareStringW
lstrcpyW
RemoveDirectoryW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
GlobalLock
SetVolumeLabelW
SuspendThread
GetModuleFileNameA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
GetSystemInfo
GlobalFree
FindResourceW
GetThreadLocale
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
SwitchToThread
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
QueryPerformanceFrequency
SetFilePointer
GetFullPathNameW
ReadFile
FindFirstFileA
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
WNetGetConnectionW
AlphaBlend
OleUninitialize
CoUninitialize
CoRegisterClassObject
IsEqualGUID
CreateStreamOnHGlobal
RevokeDragDrop
IsAccelerator
CoCreateGuid
RegisterDragDrop
StringFromCLSID
CLSIDFromString
CoGetClassObject
ProgIDFromCLSID
OleDraw
CoInitialize
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoDisconnectObject
OleSetMenuDescriptor
CoTaskMemFree
CreateErrorInfo
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
RegisterTypeLib
VariantClear
GetActiveObject
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantInit
VariantCopy
LoadTypeLibEx
GetErrorInfo
SysFreeString
DispGetIDsOfNames
SetErrorInfo
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
SHAppBarMessage
SHGetSpecialFolderPathW
ShellExecuteA
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
GetMessageTime
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
SendMessageW
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DefMDIChildProcW
SetMenuDefaultItem
SetScrollPos
CallNextHookEx
GetSysColor
GetKeyboardState
ClientToScreen
GetTopWindow
GetWindowTextW
SetDlgItemTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
ScrollWindow
DrawTextW
CopyImage
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
ShowWindow
FlashWindowEx
SetPropW
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
RegisterClassW
GetIconInfo
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
TrackPopupMenuEx
GetSubMenu
SetTimer
OemToCharA
GetActiveWindow
IsDialogMessageW
FillRect
EnumThreadWindows
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
GetClipboardData
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
CreateIconIndirect
SendDlgItemMessageW
CharLowerW
PostMessageW
GetKeyNameTextW
DrawTextExW
WaitMessage
CreatePopupMenu
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
CharUpperBuffW
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
CharLowerBuffW
BringWindowToTop
GetSystemMenu
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetMenuState
ShowOwnedPopups
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
DrawTextA
IntersectRect
GetScrollInfo
GetKeyboardLayout
FindWindowW
GetCapture
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
MoveWindow
LoadKeyboardLayoutW
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
GetWindowRgn
GetDoubleClickTime
EnableMenuItem
DefFrameProcW
IsWindowVisible
CharToOemA
SystemParametersInfoW
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
CreateIcon
CallWindowProcW
GetClassNameW
DestroyWindow
GetClassInfoW
SetWindowsHookExW
IsRectEmpty
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
GetKeyboardType
SetMenu
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetCloseHandle
InternetSetOptionW
InternetGetConnectedState
InternetOpenW
InternetConnectW
connect
__WSAFDIsSet
htons
socket
setsockopt
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
ntohs
select
shutdown
ioctlsocket
recv
WSAGetLastError
getservbyname
Number of PE resources by type
RT_STRING 29
RT_BITMAP 21
RT_GROUP_CURSOR 10
RT_CURSOR 10
RT_ICON 9
RT_RCDATA 8
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 41
ENGLISH US 36
CHINESE SIMPLIFIED 14
PE resources
ExifTool file metadata
LegalTrademarks
Wondershare

SubsystemVersion
5.0

InitializedDataSize
345088

ImageVersion
0.0

ProductName
Wondershare Studio

FileVersionNumber
2.5.3.1

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Chinese (Simplified)

LinkerVersion
2.25

FileTypeExtension
exe

OriginalFileName
Wondershare Studio

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.5.3.1

TimeStamp
2017:03:23 02:52:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Wondershare Studio

ProductVersion
2.5.3.1

FileDescription
Wondershare Studio

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (c) 2017 Wondershare. All rights reserved

MachineType
Intel 386 or later, and compatibles

CompanyName
Wondershare

CodeSize
1773568

FileSubtype
0

ProductVersionNumber
2.5.3.1

EntryPoint
0x1b2468

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 db67e9196605d61d8278e5278777c71f
SHA1 6fe39b3ace96505269745ed2b81975abb5aea647
SHA256 9b5f85fb164d177a24a521df6a9515f1dfb502d1b83581d37dae8ac3f1ad9010
ssdeep
24576:4CtqIkZmZI+NFCwGYt7hGxhZxGv/Ai3DRqz1ZALpqfWmA6Nt7CaG0lCfXCwyMlna:XrZjGYoM3qc3P3gRQTXT6Fdsbs7k+

authentihash 431bfd6528717a026dc5a3b1f178be0c125ee59225e1c66a3477a49f45af380e
imphash 23e9c927a639a2ea264655bc8cb838c9
File size 2.0 MB (2133216 bytes)
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID DOS Borland compiled Executable (generic) (44.2%)
Win32 Executable (generic) (19.9%)
Win16/32 Executable Delphi generic (9.1%)
OS/2 Executable (generic) (8.9%)
Generic Win/DOS Executable (8.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-03-30 18:58:59 UTC (2 years, 1 month ago)
Last submission 2019-03-15 09:38:13 UTC (2 months, 1 week ago)
File names WSHelper.exe
wshelper.exe
9b5f85fb164d177a24a521df6a9515f1dfb502d1b83581d37dae8ac3f1ad9010.bin
9b5f85fb164d177a_wshelper.exe
Wondershare Studio
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications