home

hdi9_32_km3650w_v100e.exe

WinSFX32M for Win32

KYOCERA MITA Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from usa.kyoceradocumentsolutions.com.
Publisher:
MicSoft  (signed by KYOCERA MITA Corporation)

Product:
WinSFX32M for Win32

Description:
WinSFX32M Self Extractor for Win32

Version:
2.82.0.1

MD5:
0130ff51a004e32229f834c3a67c0acc

SHA-1:
bfc5dcc36bd65aba82e5a92da598fd659b570ce8

SHA-256:
665b70527b08d208c76b427a3529891077187752b35d5ff0516e9eec767725f6

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
7/3/2025 12:58:14 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
TrojanDropper.Injector
3.12.26.4

Zillya! Antivirus
Worm.VBNA.Win32.257376
2.0.0.2587

File size:
144.1 KB (147,544 bytes)

Product version:
2.82.0.1

Copyright:
(C)Micco 1997-2005 All rights reserved.

Original file name:
LZHSFX32.EXE

File type:
Executable application (Win32 EXE)

Language:
Japanese (Japan)

Common path:
C:\users\{user}\downloads\hdi9_32_km3650w_v100e.exe

Digital Signature
Signed by:
KYOCERA MITA Corporation

Authority:
VeriSign, Inc.

Valid from:
11/19/2006 6:00:00 PM

Valid to:
11/20/2007 5:59:59 PM

Subject:
CN=KYOCERA MITA Corporation, OU=R&D Division 3, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KYOCERA MITA Corporation, L=CHUO-KU, S=OSAKA, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
73ACE00B679A5F0B3E9EF7DF744E96DC

File PE Metadata
Compilation timestamp:
9/13/2005 9:20:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.2

Entry address:
0x6F34

Entry point:
64, A1, 00, 00, 00, 00, 55, 8B, EC, 6A, FF, 68, 90, 81, 40, 00, 68, 84, 70, 40, 00, 50, A1, 18, 98, 40, 00, 64, 89, 25, 00, 00, 00, 00, 8B, 0D, 34, A3, 40, 00, 83, EC, 6C, 89, 01, 8B, 15, 14, 98, 40, 00, A1, 30, A3, 40, 00, 53, 56, 57, 89, 65, E8, 89, 10, E8, 01, 01, 00, 00, 8D, 55, D8, 8D, 45, D4, FF, 35, 10, 98, 40, 00, 52, 50, 8D, 4D, D0, 51, E8, E4, 00, 00, 00, 83, C4, 10, 68, 04, B0, 40, 00, 68, 00, B0, 40, 00, E8, CA, 00, 00, 00, 83, C4, 08, C7, 45, FC, 00, 00, 00, 00, A1, 24, A3, 40, 00, 8B, 30, 8A...
 
[+]

Entropy:
7.7152

Developed / compiled with:
Microsoft Visual C, 2.0

Code size:
25 KB (25,600 bytes)

The file hdi9_32_km3650w_v100e.exe has been seen being distributed by the following URL.

http://usa.kyoceradocumentsolutions.com/americas/jsp/upload/resource/18954/.../HDI9_32_KM3650w_V100E.EXE

Scan hdi9_32_km3650w_v100e.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.