hpwuschd2.exe

HP Software Update Application

Hewlett-Packard Company

The executable hpwuschd2.exe has been detected as malware by 34 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HP Software Update’. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Hewlett-Packard Company

Product:
HP Software Update Application

Description:
hpwuSchd

Version:
3, 0, 38, 1

MD5:
fc36716294ee0f96578bb07fa96d76a2

SHA-1:
c0bb2caf2addfdb6302763b38c767f15ce37357c

SHA-256:
17332a2d8ebda23976c6450778b48488f082393954835cb1f8279a06c384795f

Scanner detections:
34 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/24/2024 1:52:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 5690745 |
| Agnitum Outpost | Win32.Sality.BK | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.04.25 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:SaliCode | 150319-1 |
| AVG | Win32/Sality | 2014.0.4311 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15425 |
| Bitdefender | Win32.Sality.3 | 1.0.20.575 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.gen | 21884 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.13.68 |
| G Data | Win32.Sality | 15.4.25 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.203.15707 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| McAfee | Virus.W32/Sality.gen.z | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.2.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.345 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.20.1219 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Sality.D | 15.04.24.01 |
| Panda Antivirus | W32/Sality.AA | 15.04.25.04 |
| Quick Heal | W32.Sality.U | 4.15.14.00 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15423 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.1.62.1 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.115 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Threat.4721115 | 39354 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |

File size:
2.3 MB (2,359,296 bytes)

Product version:
3, 0, 38, 1

Copyright:
Copyright © 2003

Original file name:
hpwuSchd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hewlett-packard\hp software update\hpwuschd2.exe

File PE Metadata
Compilation timestamp:
2/18/2004 2:55:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:cT4sfdH9hcW4NEsci9/yqC4cMqtzDargkFWbY95bPXDaOaqJS489nX8wpFd:JmdB4NEscihyqIOr1ScRzGsS468wH

Entry address:
0x1BD6

Entry point:
60, C6, C3, D1, B0, 6E, 0F, B7, EB, EB, 05, C6, C3, EC, 8B, C1, 81, FE, 43, F2, 00, 00, 74, 09, FF, CE, 88, FA, BB, F5, FD, 83, DF, 42, 0F, B6, D4, 70, 0C, 69, F0, 01, B8, 3F, 43, 69, D1, 22, C9, 85, 1A, 3D, F7, F9, 00, 00, 72, 05, 8B, EA, 86, ED, F2, 0F, AF, ED, 0F, AF, CE, 52, 71, 05, 86, ED, 4E, 8B, CF, 5A, FE, C5, 81, FE, F9, E6, 00, 00, 71, 05, 0F, AF, F7, 86, ED, 8B, DA, 76, 03, 0F, BF, EA, 73, 03, 0F, AF, CB, 53, FE, C1, 0F, BE, C8, FF, C1, 58, 0F, B6, CE, C7, C1, 1F, E0, 47, 82, 69, F5, 12, 3A, 42...
Entropy:
0.5671

Code size:
24 KB (24,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HP Software Update

Command:
"C:\Program Files\hewlett-packard\hp software update\hpwuschd2.exe"
