File name: HPDCSetup.exe

Full analysis: https://app.any.run/tasks/7693ba6d-9477-4a07-bd22-588f903668f2
Verdict: Malicious activity
Analysis date: October 18, 2023, 09:45:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 0706D5650EC097BC9A01D186D698DB96
SHA1: 54B6BE5E35AAD2D90B1AB36F66E4D9306FCDB741
SHA256: 8622300C9526CF08D4BABB9E68CAF8FEAFDAFA30F328BDD89886BC6646120870
SSDEEP: 98304:Tgip7jUceBxBPAPsByPo2OugPDFnWIwHlyAmH8GK0SejWvsLCmHbozfevw5MmTYw:GA65Hi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • HPDCSetup.exe (PID: 2732)
    • Loads dropped or rewritten executable
      • HPDCSetup.exe (PID: 2732)
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • HPDCSetup.exe (PID: 2732)
    • The process creates files with names similar to system file names
      • HPDCSetup.exe (PID: 2732)
    • Starts application with an unusual extension
      • HPDCSetup.exe (PID: 2732)
  • INFO
    • Reads the computer name
      • HPDCSetup.exe (PID: 2732)
    • Creates files in a temporary directory
      • HPDCSetup.exe (PID: 2732)
    • Checks supported languages
      • HPDCSetup.exe (PID: 2732)
      • nsDE5B.tmp (PID: 2940)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:10:07 06:40:26+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25088
InitializedDataSize: 186368
UninitializedDataSize: 2048
EntryPoint: 0x322e
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.2.35.0
ProductVersionNumber: 5.2.35.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
Comments: Supports x64 and Win32
CompanyName: HP Inc.
FileDescription: Installer for HP Display Control Service
FileVersion: 5.2.35.0
LegalCopyright: (c) 1993-2023 Portrait Displays, Inc. All rights reserved.
LegalTrademarks: App Sync is a trademark of Portrait Displays, Inc
ProductName: HP Display Control Service
ProductVersion: 5.2.35.0
No data.
All screenshots are available in the full report
Total processes: 42
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive graph not reproduced)

start -> hpdcsetup.exe -> nsde5b.tmp (no specs); hpdcsetup.exe (second instance, no specs)

Process information

PID: 2732
CMD: "C:\Users\admin\AppData\Local\Temp\HPDCSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\HPDCSetup.exe
Parent process: explorer.exe
User: admin
Company: HP Inc.
Integrity Level: HIGH
Description: Installer for HP Display Control Service
Exit code: 1633 (0x661, ERROR_INSTALL_PLATFORM_UNSUPPORTED)
Version: 5.2.35.0
Modules (images):
c:\users\admin\appdata\local\temp\hpdcsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 2940
CMD: "C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\nsDE5B.tmp" "C:\Users\admin\AppData\Local\Temp\nscDE4A.tmp.exe"
Path: C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\nsDE5B.tmp
Parent process: HPDCSetup.exe
User: admin
Company: nullsoft
Integrity Level: HIGH
Description: NSIS: Nullsoft Scriptable Install
Exit code: 3221225501 (0xC000001D, STATUS_ILLEGAL_INSTRUCTION)
Version: 3.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\nsvc0ce.tmp\nsde5b.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 3820
CMD: "C:\Users\admin\AppData\Local\Temp\HPDCSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\HPDCSetup.exe
Parent process: explorer.exe
User: admin
Company: HP Inc.
Integrity Level: MEDIUM
Description: Installer for HP Display Control Service
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 5.2.35.0
Modules (images):
c:\users\admin\appdata\local\temp\hpdcsetup.exe
c:\windows\system32\ntdll.dll
Total events: 692
Read events: 692
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 5
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID 2732, HPDCSetup.exe:
  C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\System.dll (executable)
  MD5: F6B390D8B040B970CBD2C559CF4C9D88
  SHA256: 4FA52EB5C11B8C1CD70EA8F3FA17DE322B3583D9AFA2BC6440B06EECDF819FC5

PID 2732, HPDCSetup.exe:
  C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\LangDLL.dll (executable)
  MD5: 7EF3BB9B4CA63D94242A5E5242CAD473
  SHA256: DFDD523A7AB0F869D6D4178CAC72EA761B465ECF155E44E2A42F39FB11C56D6B

PID 2732, HPDCSetup.exe:
  C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\modern-wizard.bmp (image)
  MD5: CBE40FD2B1EC96DAEDC65DA172D90022
  SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

PID 2732, HPDCSetup.exe:
  C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\nsExec.dll (executable)
  MD5: 278F0D8548D02D0E8784E9085D2D1D07
  SHA256: CA7F05F7C6DD2612103359D35DA68AB0FF080127D42E1C423C0764C4F6BF9070

PID 2732, HPDCSetup.exe:
  C:\Users\admin\AppData\Local\Temp\nscDE4A.tmp.exe (executable)
  MD5: AEFEFA3343985B3929FF35DA03FD06E6
  SHA256: 2448BB8856BEBF7F7DF6B20E1732926DBAF916D851E4B135ED7857A4EEDE5C6D

PID 2732, HPDCSetup.exe:
  C:\Users\admin\AppData\Local\Temp\nsvC0CE.tmp\nsDE5B.tmp (executable; same MD5/SHA256 as nsExec.dll above)
  MD5: 278F0D8548D02D0E8784E9085D2D1D07
  SHA256: CA7F05F7C6DD2612103359D35DA68AB0FF080127D42E1C423C0764C4F6BF9070
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 2656 | Process: svchost.exe | IP: 239.255.255.250:1900 (SSDP multicast) | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:137 (NetBIOS name service broadcast) | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 (NetBIOS datagram service broadcast) | Domain: - | ASN: - | CN: - | Reputation: whitelisted

None of the three connections originate from the sample's processes (PIDs 2732, 2940, 3820); they are local-network discovery traffic from Windows system processes.

DNS requests

No data

Threats

No threats detected
No debug info