home

hpusbrdpclnt.dll

HP RDP USB Redirector

Provision Networks, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘hpusbrdpclnt’.
Publisher:
Hewlett-Packard Company  (signed by Provision Networks, Inc.)

Product:
HP RDP USB Redirector

Description:
RDP Virtual Channel

Version:
6.0.16.0

MD5:
59b7187a97844059202b017cfc20aaf9

SHA-1:
08410df9627fd31426f75da1bd2526a1eece0780

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 11:30:06 AM UTC  (today)

File size:
77.3 KB (79,184 bytes)

Product version:
6.0.16.0

Copyright:
© Copyright 2009 Hewlett-Packard Development Company, L.P.; © Copyright 2004-2009 Quest Software, Inc. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\hpusbrdpclnt.dll

Digital Signature
Signed by:
Provision Networks, Inc.

Authority:
VeriSign, Inc.

Subject:
CN="Provision Networks, Inc.", OU=Information Technology, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Provision Networks, Inc.", L=Vienna, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
39098730358471ACF1E0C75A7BE9E1D5

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:KkjkcNes2ZOIsTm0b10Ec99KtssUiZbmzC:TNEsknkab99Ktsd1W

Entry address:
0x3EEA

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, 50, EB, 00, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 5C, F2, 00, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, E7, FE, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, D6, D4, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, C3, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, B2, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 
[+]

Entropy:
4.8192

Developed / compiled with:
Microsoft Visual C++

Code size:
36 KB (36,864 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
hpusbrdpclnt

Command:
C:\Windows\System32\rundll32 C:\Windows\System32\hpusbrdpclnt.dll,registervirtualchannel


Scan hpusbrdpclnt.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.