home

libGLESv2.dll

ANGLE libGLESv2 Dynamic Link Library

Shulan Hou

libGLESv2.dll is the ANGLE library provides seamlessly WebGL and other OpenGL content by translating OpenGL calls to DirectX calls (version 2) and is recompiled by Shulan Hou. The module libGLESv2.dll by Shulan Hou has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.
Publisher:
Shulan Hou  (signed and verified)

Product:
ANGLE libGLESv2 Dynamic Link Library

Version:
2.1.0.unknown hash

MD5:
b68d0eaff128e85597f513fa2db67dcf

SHA-1:
ef0495296cde7c94201413fd893d72a7483e7575

SHA-256:
d1cc0ff1303b9f438bf8419c085e9c539f0ae90cc13eeec9f9d05fa814514a3e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the ANGLE library provides seamlessly WebGL and other OpenGL content by translating OpenGL calls to DirectX calls (version 2). While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/27/2024 2:45:35 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
16.8.22.13

File size:
1.7 MB (1,763,200 bytes)

Product version:
2.1.0.unknown hash

Copyright:
Copyright (C) 2015 Google Inc.

Original file name:
libGLESv2.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\bagbin\application\libglesv2.dll

Digital Signature
Signed by:
Shulan Hou

Authority:
thawte, Inc.

Valid from:
8/21/2016 9:00:00 PM

Valid to:
6/13/2017 8:59:59 PM

Subject:
CN=Shulan Hou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
58D977998990941725A12A8E95E680E8

File PE Metadata
Compilation timestamp:
8/8/2016 10:59:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

CTPH (ssdeep):
24576:hzRZ8zGqoY2Uhz1i4Q6LuT11c1nAJe6ELIf8bQ3/eO9am251U4eZRtr63Y:lNqtpm6iT34AJeqUi/z9/251U/63Y

Entry address:
0x12B0BD

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 0F, 09, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 9E, FE, FF, FF, 83, C4, 0C, 5D, C2, 0C, 00, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,369,600 bytes)

Remove libGLESv2.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.