pepflashplayer.dll

Shockwave Flash

CLARALABSOFTWARE

The module pepflashplayer.dll, “Shockwave Flash 18.0 r0” by CLARALABSOFTWARE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Adobe Systems, Inc.  (signed by CLARALABSOFTWARE)

Product:
Shockwave Flash

Description:
Shockwave Flash 18.0 r0

Version:
18,0,0,209

MD5:
f4176a2bc49b8b73d623b1df09145614

SHA-1:
2bc84c50b61c860996c6f6468f8471925d2fa3e9

SHA-256:
9c95af5afa1a611ce6ca6501e162552db221d8dd658e961790b81bd1ef92fe7a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 1:52:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CLARALAB (M)
16.6.7.4

File size:
15.6 MB (16,307,624 bytes)

Product version:
18,0,0,209

Copyright:
Adobe® Flash® Player. Copyright © 1996 - 2015 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered tra

Trademarks:
Adobe Flash Player

Original file name:
pepflashplayer.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\beaglebrowser\application\42.0.2311.95\pepperflash\pepflashplayer.dll

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2014 3:11:04 PM

Valid to:
12/17/2015 3:11:04 PM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B0709ADBE1F3C

File PE Metadata
Compilation timestamp:
7/12/2015 6:40:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
393216:pjioagsTSXTZKRzmrrKe6NlOu/kcqezDNyxHD48ZznuhoOA:pjipgsmKzkrKe6NmbezZyxHD48ZzCW

Entry address:
0x75144B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 44, A1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, D8, F4, EE, 10, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, DC, 47, E2, 10, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 98, A1, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 96, A1, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF...
 
[+]

Code size:
10.9 MB (11,465,728 bytes)

Remove pepflashplayer.dll - Powered by Reason Core Security