SHA256: 070516225f725dc42553574ada44725b1fd0150be8c0cd7877bfc30544d92362
File name: Adobe Flash Player 11.6
Detection ratio: 0 / 63
Analysis date: 2018-05-22 00:47:10 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180521
AegisLab 20180521
AhnLab-V3 20180521
Alibaba 20180521
Antiy-AVL 20180522
Arcabit 20180522
Avast 20180521
Avast-Mobile 20180520
AVG 20180521
Avira (no cloud) 20180521
AVware 20180521
Babable 20180406
Baidu 20180521
BitDefender 20180521
Bkav 20180521
CAT-QuickHeal 20180521
ClamAV 20180521
CMC 20180521
Comodo 20180521
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cylance 20180522
Cyren 20180521
DrWeb 20180522
eGambit 20180522
Emsisoft 20180521
Endgame 20180507
ESET-NOD32 20180521
F-Prot 20180521
F-Secure 20180522
Fortinet 20180521
GData 20180521
Sophos ML 20180504
Jiangmin 20180522
K7AntiVirus 20180521
K7GW 20180522
Kaspersky 20180521
Kingsoft 20180522
Malwarebytes 20180522
MAX 20180522
McAfee 20180521
McAfee-GW-Edition 20180521
Microsoft 20180521
eScan 20180521
NANO-Antivirus 20180522
nProtect 20180521
Palo Alto Networks (Known Signatures) 20180522
Panda 20180521
Qihoo-360 20180522
Rising 20180521
SentinelOne (Static ML) 20180225
Sophos AV 20180522
SUPERAntiSpyware 20180521
Symantec 20180522
Symantec Mobile Insight 20180522
Tencent 20180522
TheHacker 20180516
TotalDefense 20180520
TrendMicro 20180521
TrendMicro-HouseCall 20180522
Trustlook 20180522
VBA32 20180521
VIPRE 20180522
ViRobot 20180521
Yandex 20180518
Zillya 20180521
ZoneAlarm by Check Point 20180521
Zoner 20180522
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Adobe® Flash® Player. Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.

Product Shockwave Flash
Original name pepflashplayer.dll
Internal name Adobe Flash Player 11.6
File version 11,6,602,167
Description Shockwave Flash 11.6 r602
Signature verification Signed file, verified signature
Signing date 12:14 AM 2/3/2013
Signers
[+] Adobe Systems Incorporated
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 2:00 AM 9/24/2012
Valid to 1:59 AM 10/2/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 0DA4BF5A428C444A209EC3720EB7A9EE28C3CF9B
Serial number 4D 4A A1 FD F2 6F 9F 33 53 D6 26 14 ED A6 62 37
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 2:00 AM 2/8/2010
Valid to 1:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 2:00 AM 11/8/2006
Valid to 1:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 2:00 AM 10/18/2012
Valid to 1:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 2:00 AM 12/21/2012
Valid to 1:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 2:00 AM 1/1/1997
Valid to 1:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-02 22:14:34
Entry Point 0x0063814B
Number of sections 8
PE sections
Overlays
MD5 87dea49ee0989ccd41740fc3046953f2
File type data
Offset 12632064
Size 6512
Entropy 7.31
PE imports
CryptDestroyKey
CryptReleaseContext
RegisterEventSourceW
DeregisterEventSource
SystemFunction036
CryptExportKey
CryptGenRandom
CryptAcquireContextW
CryptEncrypt
ReportEventW
CryptGenKey
CryptImportKey
CertCreateCertificateContext
CertFreeCertificateContext
CertCompareCertificate
CertCloseStore
CryptGetMessageCertificates
CertFindCertificateInStore
CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
DeleteDC
CreateFontIndirectW
SelectObject
EnumFontFamiliesExW
GetFontData
CreateCompatibleDC
DeleteObject
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
CreateWaitableTimerA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
QueueUserAPC
GetExitCodeProcess
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
SetWaitableTimer
CreateEventW
FindClose
InterlockedDecrement
EncodePointer
OutputDebugStringA
SetLastError
PeekNamedPipe
OpenThread
InitializeCriticalSection
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
GetFileAttributesW
RaiseException
EnumSystemLocalesA
SetThreadPriority
GetUserDefaultLCID
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
InterlockedExchangeAdd
CreateThread
RtlCaptureStackBackTrace
DeleteCriticalSection
CreateSemaphoreW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
SetUnhandledExceptionFilter
GetVersion
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
SetHandleCount
LoadLibraryW
DeviceIoControl
GetVersionExW
FreeLibrary
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FlushConsoleInputBuffer
GetFileSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTimeFormatW
GetFileSizeEx
GetModuleFileNameW
FreeEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
CreateFileMappingA
FindFirstFileW
IsValidLocale
HeapCreate
WaitForMultipleObjects
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrencyFormatW
InterlockedIncrement
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
lstrlenA
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
lstrlenW
VirtualFree
CancelWaitableTimer
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SwitchToThread
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetNumberFormatW
CreateProcessW
Sleep
TerminateProcess
SetConsoleCtrlHandler
VirtualAlloc
GetOEMCP
VariantClear
SysFreeString
SysStringLen
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
Ord(165)
Ord(12)
AssocQueryStringW
UrlCanonicalizeW
EnumDisplayMonitors
GetMonitorInfoW
GetForegroundWindow
GetWindowRect
EnumDisplayDevicesA
SetRectEmpty
WaitForInputIdle
GetUserObjectInformationW
GetDesktopWindow
GetClientRect
GetMonitorInfoA
wsprintfW
MessageBoxW
GetProcessWindowStation
MonitorFromRect
GetDC
WindowFromDC
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeKillEvent
timeSetEvent
timeGetTime
getaddrinfo
htonl
ntohl
freeaddrinfo
ntohs
htons
GdipDrawImageRect
GdiplusShutdown
GdipSetInterpolationMode
GdipDisposeImage
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipBitmapLockBits
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipFree
GdipDeleteGraphics
GdipCreateBitmapFromStream
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemFree
CoSetProxyBlanket
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Adobe Flash Player

SubsystemVersion
5.1

InitializedDataSize
3305984

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
11.6.602.167

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Shockwave Flash 11.6 r602

CharacterSet
Windows, Latin1

LinkerVersion
10.0

EntryPoint
0x63814b

OriginalFileName
pepflashplayer.dll

MIMEType
application/x-shockwave-flash|application/futuresplash

LegalCopyright
Adobe Flash Player. Copyright 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.

FileExtents
swf|spl|mfp

FileOpenName
Adobe Flash movie (*.swf)|FutureSplash movie (*.spl)|Adobe Flash Paper (*.mfp)

FileVersion
11,6,602,167

TimeStamp
2013:02:02 23:14:34+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
Adobe Flash Player 11.6

ProductVersion
11,6,602,167

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

Debugger
0

CompanyName
Adobe Systems, Inc.

CodeSize
9325056

ProductName
Shockwave Flash

ProductVersionNumber
11.6.602.167

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 7114070d9bda5901b692d896a001ec95
SHA1 aa7a498b1e4e48af9df911372b5055b2bbb07a81
SHA256 070516225f725dc42553574ada44725b1fd0150be8c0cd7877bfc30544d92362
ssdeep
393216:3Hj/WyIGm2uppyDNpV9iKrJxPekig4LEqRjHwLZQB:3j/lZXup07iKrJxPekR4LjwLyB

authentihash 0735a96af998182a0ae88b04ab7a410fdace3c9e430511bb4915a7b9207d9575
imphash ce024d9eef03437355e9fbaa1222c6cb
File size 12.1 MB ( 12638576 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (48.1%)
Win64 Executable (generic) (32.0%)
Win32 Dynamic Link Library (generic) (7.6%)
Win32 Executable (generic) (5.2%)
OS/2 Executable (generic) (2.3%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2013-02-12 19:28:05 UTC ( 6 years, 1 month ago )
Last submission 2018-05-22 00:47:10 UTC ( 10 months, 1 week ago )
File names pepflashplayer.dll
file-5145843_DLL
avz00008.dta
Adobe Flash Player 11.6
pepflashplayer.dll.002
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
