Teacher
Message 1 of 3

sp81969.exe

HP ZBook Dock with Thunderbolt 3

10 different vendors classify a file (hp_104xfwupg1520_131025101126.exe) inside the update sp81969.exe as a trojan/malware.

https://www.virustotal.com/en/file/3c7819edad36ebd2c0ed22ea18723a254bb24d243c6e742d443c711b00088012/...

2 REPLIES
Dean
Message 2 of 3

sp81969.exe

Hello,

Thank you for posting in the HP Support forum @bubler

Sorry for the delay in the reply.

The file is clean. It is classified by these vendors by mistake - as you can see, the detection is not definite, it's of heuristic type ("Unsafe" / "High confidence" / "Suspicious") - it has no specific malware name.

It is detected by, let's say, "less reputable" vendors.

Antivirus products have many different methods for detecting malicious code, viral and non-viral. Some are definitions for concrete detections. Others are behaviour analysis, heuristic analysis, intrusion prevention detection, etc. The effectiveness of heuristic analysis may be high re. catching new threats, but the effectiveness is fairly low regarding accuracy and the number of false positives/false detections. Here is more info about the AV heuristics >> https://en.wikipedia.org/wiki/Heuristic_analysis

Hope this helps!


I am not employed by HP Inc. I express personal opinion only. **** HP Expert **** I work in IT and cyber security
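The point in the reply above, that a heuristic label such as "Unsafe" or "Suspicious" carries less weight than several engines agreeing on a named family, can be turned into a small triage rule. The following Python is an added example written for this thread, not code from HP or from VirusTotal; the vendor names, labels and the decision thresholds are constructed, and the token lists used to tell a generic verdict from a family name are this example's own heuristic.

```python
import re
from collections import Counter
from typing import Dict, Optional

# Tokens that name a platform or a malware *type* rather than a family.
PLATFORM_OR_TYPE = {"win32", "w32", "win64", "trojan", "malware", "virus", "worm",
                    "backdoor", "downloader", "dropper", "agent", "pe", "exe",
                    "application", "program"}
# Tokens that mark a heuristic, reputation or machine-learning verdict.
GENERIC = {"unsafe", "suspicious", "susp", "heur", "heuristic", "generic", "gen",
           "malicious", "confidence", "high", "low", "score", "ml", "ai", "cloud",
           "reputation", "unknown", "possible", "riskware", "variant"}

def family_tokens(label: str):
    """Return the label tokens that could be a malware family name."""
    toks = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t]
    return [t for t in toks
            if t not in PLATFORM_OR_TYPE and t not in GENERIC
            and not t.isdigit() and len(t) > 2]

def is_heuristic(label: str) -> bool:
    """A verdict with no family-like token is heuristic/generic, as described in the thread."""
    return not family_tokens(label)

def triage(results: Dict[str, Optional[str]]) -> dict:
    """Summarise one file's scan results given as {vendor: label, or None when clean}."""
    detections = {v: lbl for v, lbl in results.items() if lbl}
    named = {v: lbl for v, lbl in detections.items() if not is_heuristic(lbl)}
    families = Counter(family_tokens(lbl)[0] for lbl in named.values())
    top_family, top_count = families.most_common(1)[0] if families else (None, 0)
    # The decision rule below is this example's own, not VirusTotal's scoring.
    if top_count >= 2:
        verdict = f"named family '{top_family}' reported by {top_count} vendors: treat as malicious"
    elif not named:
        verdict = ("heuristic/generic labels only: weak signal; verify the publisher "
                   "signature and source before trusting or blocking")
    else:
        verdict = "one named detection without corroboration: inconclusive, sandbox the file"
    return {"scanned": len(results), "flagged": len(detections),
            "named": len(named), "top_family": top_family, "verdict": verdict}

# Constructed sample mirroring the thread: 10 of 20 engines flag, all with generic labels.
SAMPLE_HEURISTIC_ONLY = {
    "VendorA": "Unsafe",
    "VendorB": "Malicious (high confidence)",
    "VendorC": "Suspicious.Cloud.9",
    "VendorD": "Trojan.Generic.12345",
    "VendorE": "Trojan:Win32/Agent!ml",
    "VendorF": "Win32.Heur.Unknown",
    "VendorG": "Unsafe",
    "VendorH": "Suspicious",
    "VendorI": "Malicious.ML.Score",
    "VendorJ": "Gen:Variant.Suspicious.3",
    **{f"Vendor{c}": None for c in "KLMNOPQRST"},
}
# Constructed contrast case: three engines agree on a (fictional) family name.
SAMPLE_NAMED = {"VendorA": "W32.Fooware.C", "VendorB": "Trojan.Win32.Fooware.gen",
                "VendorC": "Virus:Win32/Fooware.A", "VendorD": None}

if __name__ == "__main__":
    for sample in (SAMPLE_HEURISTIC_ONLY, SAMPLE_NAMED):
        print(triage(sample))
```

For the first sample the function reports 10 of 20 engines flagging with zero named families, which is the pattern the reply above describes as a likely false positive; the second sample shows how the same rule reacts when vendors corroborate each other with a family name.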
Jozzy
Message 3 of 3

sp81969.exe

API Call
API Name: SetWindowsHookExA Address: 0x00077c42
Params: [4294967295, 0x77a81, 0x0, 3292]
Imagepath: C:\Users\admin\AppData\Local\Temp\~sfx0072B99E5C\ASM104FWUpdate.exe DLL Name: user32.dll

Hi, apart from the "less reputable" AV vendors, I noticed there is a keylogging activity as shown above, which was retrieved from the sandbox analysis report. Why is it that it needs such a control?

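Whether a SetWindowsHookEx call can capture keystrokes depends on which hook type its first argument selects and on whether the hook is installed globally or for a single thread. The following Python is an added example written for this thread, not code from HP, from the sandbox vendor or from the installer: it parses an "API Call" record in the layout quoted above, reinterprets the first parameter as the signed idHook value from winuser.h, and reports the hook type and its scope. It assumes the sandbox lists the parameters in the API's own order (idHook, lpfn, hMod, dwThreadId); the verdict wording is this example's own.

```python
import re
from dataclasses import dataclass

# idHook values from winuser.h (SetWindowsHookEx); only a few of these see keystrokes.
HOOK_NAMES = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 8: "WH_HARDWARE", 9: "WH_DEBUG",
    10: "WH_SHELL", 11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET",
    13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL",
}
KEYSTROKE_HOOKS = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_JOURNALRECORD"}

@dataclass
class HookCall:
    api: str
    id_hook: int
    hook_name: str
    hmod: int
    thread_id: int
    image: str

    @property
    def scope(self) -> str:
        # dwThreadId == 0 installs the hook for every thread on the desktop.
        return "all threads (global)" if self.thread_id == 0 else f"thread {self.thread_id} only"

    @property
    def sees_keystrokes(self) -> bool:
        return self.hook_name in KEYSTROKE_HOOKS

def to_int32(value: int) -> int:
    """Sandboxes print idHook as an unsigned DWORD; reinterpret it as a signed int."""
    value &= 0xFFFFFFFF
    return value - 0x1_0000_0000 if value & 0x8000_0000 else value

def parse_hook_call(record: str) -> HookCall:
    """Parse one 'API Call' record in the layout the sandbox report above used.
    Assumption: Params follow the API's own order (idHook, lpfn, hMod, dwThreadId)."""
    api = re.search(r"API Name:\s*(\w+)", record).group(1)
    params = re.search(r"Params:\s*\[([^\]]*)\]", record).group(1)
    args = [int(p.strip(), 0) for p in params.split(",")]
    image = re.search(r"Imagepath:\s*(\S+)", record).group(1)
    id_hook = to_int32(args[0])
    return HookCall(api, id_hook, HOOK_NAMES.get(id_hook, f"unknown({id_hook})"),
                    args[2], args[3], image)

def assess(call: HookCall) -> str:
    """Defender's reading: only a keystroke-capable hook installed globally looks like a keylogger."""
    if call.sees_keystrokes and call.thread_id == 0:
        return f"{call.hook_name} installed globally by {call.image}: keylogger-like, investigate"
    if call.sees_keystrokes:
        return f"{call.hook_name} limited to {call.scope}: sees only that thread's input, check context"
    return f"{call.hook_name} hook, {call.scope}: not a keystroke capture mechanism"

# The record quoted in the post above, joined into one string (raw strings keep the backslashes).
SAMPLE_RECORD = (
    r"API Name: SetWindowsHookExA Address: 0x00077c42 "
    r"Params: [4294967295, 0x77a81, 0x0, 3292] "
    r"Imagepath: C:\Users\admin\AppData\Local\Temp\~sfx0072B99E5C\ASM104FWUpdate.exe DLL Name: user32.dll"
)

if __name__ == "__main__":
    call = parse_hook_call(SAMPLE_RECORD)
    print(call)
    print(assess(call))
```

Run on the quoted record, the decoder maps 4294967295 to -1, which is WH_MSGFILTER, with hMod 0 and dwThreadId 3292: a message-filter hook scoped to one thread of the updater itself, the kind of hook associated with modal dialog and menu message handling, not a keyboard hook. A keystroke-capturing hook would show idHook 2 or 13 (WH_KEYBOARD or WH_KEYBOARD_LL), and a keylogger-style one would additionally use dwThreadId 0 so that it applies to every thread on the desktop; that combination is what the assess() verdict singles out for investigation.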