zplugins.dll

Browser Distribution Services, Inc.

The module zplugins.dll by Browser Distribution Services has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Browser Distribution Services, Inc.  (signed and verified)

Description:
release_20130815

Version:
0.0.0.0

MD5:
9ae443868fca4aa67ef60fd7ce381e52

SHA-1:
d9791d08f740b24cb27db184fbd21988d5f9dae7

SHA-256:
32b37dd80fb7ff0503ce6cbeddddbfe600727cddce500cb3e1ebcc6a33c0afe7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/27/2024 3:03:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Zugo.BrowserDistributionServices (M)

Engine version:
16.2.11.2

File size:
737.7 KB (755,360 bytes)

Product version:
0.0.0.0

Original file name:
zplugins.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\zplugins.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/31/2013 7:00:00 PM

Valid to:
2/1/2015 6:59:59 PM

Subject:
CN="Browser Distribution Services, Inc.", O="Browser Distribution Services, Inc.", STREET="2711 Centerville Road, Suite 400", L=Wilmington, S=DE, PostalCode=19808, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B259692789E76789FF829879954D882

File PE Metadata
Compilation timestamp:
8/15/2013 1:04:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:80FsQYftIIvGKzEHk2YHErP+CI+dfhyNDVLt0fJu+XUN9L7cgupkYX3/6Zr/f9uz:vO3ftIzPHk2V7I+fyJVKxXULHNekYm/w

Entry address:
0x7B1BA

Entry point:
F7, 81, 42, B8, 49, 08, 6B, 7F, 2B, E8, 25, CF, 07, C4, 5E, 7F, 4D, 88, 8B, 8F, 82, 18, F6, 3B, 08, 5D, E3, 47, 23, B3, FC, F6, 40, AB, 02, 87, 91, 46, 7E, 20, 74, 53, D0, 02, B9, E8, BB, CC, 12, 10, 0E, 43, C6, F9, FE, 65, 35, 89, A4, 21, 45, 7C, 7F, B1, 2E, EE, 7B, 86, 7C, EC, D3, C2, 52, 15, EB, 40, 0A, F8, D4, B2, 30, 12, 8B, C8, 3B, DE, 05, AC, 19, 49, 2C, 6A, C0, 2B, 93, D5, 23, 25, 8B, 92, F1, 8A, 61, B5, 4B, EB, A2, BC, 3D, 6F, B2, BE, C8, 3A, A1, 52, 3C, 2E, B0, 7E, 1D, 3C, 87, AA, 72, 0F, 62, 8D...

Entropy:
7.5202

Code size:
591 KB (605,184 bytes)
