m477_m377_mfp_series_fw_update-20160921.nativeofficefonts.exe

HP Inc.

This is a setup program used to install the application. The file has been seen downloaded from h20565.www2.hp.com and multiple other hosts.
Publisher:
HP Inc.  (signed and verified)

MD5:
6d16a2ac1075a5b4e79f21d4c30898dd

SHA-1:
70dec32dc91d7a3ac5ab058546d05bb3fdbe0463

SHA-256:
a31d6a1fdcdd3ca54b5e9684b4d05ffac5b37e1578f0c199a31c55a9572d74a8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 11:59:11 AM UTC  (today)

File size:
27.9 MB (29,305,408 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\m477_m377_mfp_series_fw_update-20160921.nativeofficefonts.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/19/2016 2:00:00 AM

Valid to:
8/20/2017 1:59:59 AM

Subject:
CN=HP Inc., OU=HP Cyber Security, O=HP Inc., STREET=1501 Page Mill Road, L=Palo Alto, S=CA, PostalCode=94304, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
44F1958641EFC15CB6B9C45F9A4EF80C

File PE Metadata
Compilation timestamp:
9/22/2016 10:35:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
393216:rR54EJD5KgQbGjl+xFBnqtCcbZDgNWjTvT2r57/Z8YR7vwYAK9Pn8jW7/WtmVzXy:r/4EGraxEBnxADBarRZzys/8jW7/Wtay

Entry address:
0x1290

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 1C, 33, 41, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 38, 33, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 2C, 33, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 08, E8, A5, 5B, 00, 00, C7, 04, 24, EC, CA, 40, 00, B8, 10, E0, 40, 00, 89, 44, 24, 04, E8, C0, 4B, 00, 00, C9, C3, 8D, B4, 26, 00, 00, 00, 00, 8D, BC, 27, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, EC, CA, 40, 00, E8, 6E, 4D...
 

Packer / compiler:
MingWin32

Code size:
31.5 KB (32,256 bytes)

The file m477_m377_mfp_series_fw_update-20160921.nativeofficefonts.exe has been seen being distributed by the following 2 URLs.

http://h20565.www2.hp.com/hpsc/swd/.../obtainSoftware?url=687474703A2F2F6674702E68702E636F6D2F7075622F736F66746C69622F736F66747761726531332F46575F4350455F436F6D6D65726369616C2F4E657074756E655F54322F4D3437375F4D3337375F4D46505F5365726965735F46575F5570646174652D32303136303932312E6E61746976656F6666696365666F6E74732E657865

http://h20566.www2.hp.com/hpsc/swd/.../obtainSoftware?url=687474703A2F2F6674702E68702E636F6D2F7075622F736F66746C69622F736F66747761726531332F46575F4350455F436F6D6D65726369616C2F4E657074756E655F54322F4D3437375F4D3337375F4D46505F5365726965735F46575F5570646174652D32303136303932312E6E61746976656F6666696365666F6E74732E657865