item_20160513_21598_win_p08rdd.exe

Samsung BIOS Windows Update Program

Samsung Electronics CO., LTD.

This is a setup program which is used to install the application. The file has been seen being downloaded from sbuservice.samsungmobile.com.

Publisher:
Samsung Electronics (signed by Samsung Electronics CO., LTD.)

Product:
Samsung BIOS Windows Update Program

Description:
Samsung PC BIOS update program

Version:
4.25.0.0

MD5:
e902e8a98cd2666d83424b6f7beb9d56

SHA-1:
a9166257d84adf5f5271ae3bfa6587e445019bb6

SHA-256:
03bb0e39f382417637088d496244207d828767afd82d1a805af88f7c5609bee9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
3/10/2025 3:11:34 AM UTC  (today)

File size:
6 MB (6,333,520 bytes)

Copyright:
Samsung Electronics. All rights reserved.

Original file name:
UnPacker.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\samsung\swupdate\temp\packages\409e5477-595e-4213-9214-3b52e871a81a\item_20160513_21598_win_p08rdd.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/31/2015 9:00:00 AM

Valid to:
1/28/2017 8:59:59 AM

Subject:
CN="Samsung Electronics CO., LTD.", O="Samsung Electronics CO., LTD.", L=Suwon, S=Kyungki-Do, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
26181CEDF2C113E16AC74820DF7A38A3

File PE Metadata
Compilation timestamp:
3/31/2016 10:48:55 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:U8QOsWyC2a2Tv8hSFnSRdxgSd64qfXbZhg91SrIWOgFGvS:U8QD8hIHm64qfXbcSEWzGvS

Entry address:
0x133251

Entry point:
E8, C5, A5, 00, 00, E9, 7F, FE, FF, FF, 56, 6A, 04, 6A, 20, E8, 38, AB, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 30, 04, 56, 00, A3, F0, 68, 5D, 00, A3, EC, 68, 5D, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, 48, 27, 5B, 00, E8, 3A, 5B, 00, 00, 83, 65, E4, 00, E8, A5, 7A, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 51, 5B, 00, 00, C3, 8B, 75, E4, E8, 80, 7A, 00, 00, C3, 55, 8B, EC...
 

Entropy:
7.7334  (probably packed)

Code size:
1.4 MB (1,434,112 bytes)

The file item_20160513_21598_win_p08rdd.exe has been seen being distributed by the following URL.