Having trouble signing in? Try this!
Post new question
Question
Reply
 
Teacher
Posts: 57
Member Since: ‎07-21-2016
Message 1 of 3 (377 Views)

sp81969.exe

Product Name: HP ZBook Dock with Thunderbolt 3

10 different vendors classifies a file (hp_104xfwupg1520_131025101126.exe) inside update sp81969.exe as trojan/malware.

 

https://www.virustotal.com/en/file/3c7819edad36ebd2c0ed22ea18723a254bb24d243c6e742d443c711b00088012/...

 

Reply
0 Kudos
Highlighted
Dean
Posts: 7,217
Member Since: ‎05-06-2013
Message 2 of 3 (311 Views)

Re: sp81969.exe

Hello,

 

Thank you for posting in the HP Support forum @bubler

 

Sorry for the delay in the reply.

 

The file is clean. It is classified by these vendors by mistake - as you can see, the detection is not definite , it's heuristic type "Unsafe" / "High confidence" / "Suspicious" - it has no specific malware name.

 

It is detected by let's say "less reputable" vendors.

 

Antivirus have many different methods for detecting malicious code/viral and non-viral malicious code. Some are definitions for concrete detections. Others are behaviour analysis, heuristic analysis, intrustion prevention detection, etc... The effectiveness of heuristic analysis may be high re. catching new threats, but the effectiveness is fairly ~low regarding accuracy and the number of false positives/false detections. Here is more info about the AV heuristics >> https://en.wikipedia.org/wiki/Heuristic_analysis

 

 

Hope this helps!

* You can say Thanks or give me LIKE with the Thumb Up+ button (+1)
* Please, use the button to accept this post as a solution if my comment helped

IT_WinSec : I am not employed by HP Inc. I am a volunteer and I express personal opinion only. I work in IT and cyber security
Student
Posts: 1
Member Since: ‎01-15-2018
Message 3 of 3 (210 Views)

Re: sp81969.exe

API Call
API Name: SetWindowsHookExA Address: 0x00077c42
Params: [4294967295, 0x77a81, 0x0, 3292]
Imagepath: C:\Users\admin\AppData\Local\Temp\~sfx0072B99E5C\ASM104FWUpdate.exe DLL Name: user32.dll

 

hi, apart of the "less reputate" AV vendors. i noticed there is a keylogging activitiy as shown above which was retrieved from the sandbox analysing report. why is it so that it need such a control?

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation