» hp_web_jetadmin_proxy_agent_sw_j6052-10559.exe
Overview
Analysis
File Details
Downloads (1)

hp_web_jetadmin_proxy_agent_sw_j6052-10559.exe

Hewlett-Packard Company

This is a setup program which is used to install the application. The file has been seen being downloaded from h30668.www3.hp.com.

File name:

Publisher:

Hewlett-Packard Company (signed and verified)

MD5:

e8e066f845ee8ec392310ae569607d01

SHA-1:

fbad1bccd3033c55ea8cda3d5425f957e27c58f1

SHA-256:

eaadc5713a74fe2b82ca0db99f758c5e1422ee02d983397126480792da793edd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/26/2024 11:27:28 PM UTC (a few moments ago)

File size:

10 MB (10,434,536 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\hp_web_jetadmin_proxy_agent_sw_j6052-10559.exe

Digital Signature

Signed by:

Hewlett-Packard Company

Authority:

COMODO CA Limited

Valid from:

5/28/2015 8:00:00 PM

Valid to:

5/28/2016 7:59:59 PM

Subject:

CN=Hewlett-Packard Company, OU=HP Cyber Security, O=Hewlett-Packard Company, STREET=3000 Hanover Street, L=Palo Alto, S=CA, PostalCode=94304, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EE0FA6AAD95C8B30732485400FB85BC4

File PE Metadata

Compilation timestamp:

7/15/2013 12:56:58 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:S8yKd1czzKndeisM6bGCfWkpk6OWPYTCpIa1QYJOA2b0iRe874envfdmsYON:YKbndeisM57kpktuYuaIwlbe80ilYc

Entry address:

0x6791

Entry point:

E8, B9, 27, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, D6, A9, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, A8, 11, 41, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01... 
[+]

Entropy:

7.9981 (probably packed)

Code size:

51.5 KB (52,736 bytes)

The file hp_web_jetadmin_proxy_agent_sw_j6052-10559.exe has been seen being distributed by the following URL.

http://h30668.www3.hp.com/.../HP_Web_Jetadmin_Proxy_Agent_SW_J6052-10559.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.