home

Interop.IWshRuntimeLibrary.dll

Assembly imported from type library 'IWshRuntimeLibrary'.

Hike Zone Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Interop.IWshRuntimeLibrary.dll is the library is an interop assembly of the IWshRuntimeLibrary and is recompiled by Hike Zone Plus. The file Interop.IWshRuntimeLibrary.dll, re-signed by Hike Zone Plus, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Hike Zone Plus  (signed and verified)

Product:
Assembly imported from type library 'IWshRuntimeLibrary'.

Version:
1.0.0.0

MD5:
86f432784f5cdc949b0750d5b21b07e8

SHA-1:
1f2984cbf6084792bcfa59a1ee560d420447504c

SHA-256:
57161d57e0d708014303604f1576aa056266925480fbe1d6ef13bff950aba7ce

Scanner detections:
7 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/18/2024 3:32:18 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Crossrider-Z [PUP]
151024-0

Clam AntiVirus
Win.Trojan.Googupdate-5
0.98/21083

Dr.Web
Trojan.Crossrider1.25873
9.0.1.05190

ESET NOD32
Win32/Toolbar.CrossRider.BG potentially unwanted application
7.0.302.0

F-Prot
W32/Adware.ALDG
4.6.5.141

Reason Heuristics
PUP.ResignedInterop.HikeZonePlus.Z
14.9.20.20

VIPRE Antivirus
Threat.4150696
45208

File size:
52.4 KB (53,656 bytes)

Product version:
1.0.0.0

Original file name:
Interop.IWshRuntimeLibrary.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\cinema-shopt1.3v20.09\interop.iwshruntimelibrary.dll

Digital Signature
Signed by:
Hike Zone Plus

Authority:
COMODO CA Limited

Valid from:
8/19/2014 1:00:00 AM

Valid to:
8/20/2015 12:59:59 AM

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
Compilation timestamp:
5/29/2014 10:17:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:Qx3LY+sPhWVJPsedLVDUYlkXrSXVteUdztHK2z9IkCB0QtcNg11c:IL9nVJEetVDUxSp1K2z9ID03g11c

Entry address:
0xA83E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.9239

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)

Remove Interop.IWshRuntimeLibrary.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.