hpqwmiex.EXE

HP Software Framework

Hewlett-Packard

The executable hpqwmiex.EXE, “HP Software Framework WMI Service”, has been detected as malware by 3 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “HP Software Framework Service”.
Publisher:
HP  (signed by Hewlett-Packard)

Product:
HP Software Framework

Description:
HP Software Framework WMI Service

Version:
6, 5, 15, 1

MD5:
b80e1158ecbb4a20437b67626ba90bc2

SHA-1:
65602bed3a7bd334bea0433a0890cd6e422ae81c

SHA-256:
fadeb388a9f2a8a1b21d496c2890172d75915bdc0223ade661f6aeaee8674736

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/24/2024 11:56:06 PM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.154

File size:
1.1 MB (1,180,839 bytes)

Product version:
6, 5, 15, 1

Copyright:
Copyright (c) 2003-2014 HP Development Company, L.P.

Original file name:
hpqwmiex.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hewlett-packard\shared\hpqwmiex.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/4/2015 6:00:00 AM

Valid to:
3/4/2016 5:59:59 AM

Subject:
CN=Hewlett-Packard, OU=Global Cyber Security, O=Hewlett-Packard, POBox=Mailstop PAL20-A7K, STREET=3000 Hanover St., L=Palo Alto, S=California, PostalCode=94304-1112, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4FBFCE85293799EEF93BBDBA65E5D1D9

File PE Metadata
Compilation timestamp:
10/20/2015 2:31:22 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7D8A2

Entry point:
E9, 3C, 8A, FF, FF, E9, 7F, FE, FF, FF, 53, 8B, DC, 51, 51, 83, E4, F0, 83, C4, 04, 55, 8B, 6B, 04, 89, 6C, 24, 04, 8B, EC, 8B, 4B, 08, 83, EC, 20, 83, 3D, E4, C0, 4F, 00, 01, 66, 8B, 53, 0C, 7C, 48, 0F, B7, C2, 66, 0F, 6E, C0, F2, 0F, 70, C0, 00, 66, 0F, 70, D0, 00, 8B, C1, 25, FF, 0F, 00, 00, 3D, F0, 0F, 00, 00, 77, 3E, F3, 0F, 6F, 01, 66, 0F, EF, C9, 66, 0F, 75, C8, 66, 0F, 75, C2, 66, 0F, EB, C8, 66, 0F, D7, C1, 85, C0, 75, 34, 83, C1, 10, EB, D1, 66, 3B, C2, 74, 0B, 83, C1, 02, 0F, B7, 01, 66, 85, C0...
 

Entropy:
6.5965

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
727.5 KB (744,960 bytes)

Service
Display name:
HP Software Framework Service

Service name:
hpqwmiex

Type:
Win32OwnProcess

Depends on:
RPCSS

