Interop.IWshRuntimeLibrary.dll

Assembly imported from type library 'IWshRuntimeLibrary'.

Gogo Network Club

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. Interop.IWshRuntimeLibrary.dll is an interop assembly of the IWshRuntimeLibrary, recompiled by Gogo Network Club. The file Interop.IWshRuntimeLibrary.dll, re-signed by Gogo Network Club, is an interop assembly that has been integrated by a third party into a .NET application; even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Note that this is a commonly distributed file and, although it has been detected, it might not be a threat if uncoupled from its distribution source. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Gogo Network Club  (signed and verified)

Product:
Assembly imported from type library 'IWshRuntimeLibrary'.

Version:
1.0.0.0

MD5:
780b83bbc394c087c900ebd844a79869

SHA-1:
3bc848c40b1b2ea3230edbd0d36484fb61448ee8

SHA-256:
0ac6662642eed1764f6c095e10775bb45e35743ac1b175e94e204dbed5847e47

Scanner detections:
5 / 68

Status:
Adware

Explanation:
This library is an interop assembly of the IWshRuntimeLibrary. While the file itself is not dangerous, it is part of a program that has been detected. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 10:16:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3316 |
| Clam AntiVirus | Win.Trojan.Googupdate-5 | 0.98/21411 |
| McAfee | Artemis!780B83BBC394 | 5600.6972 |
| Reason Heuristics | PUP.ResignedInterop.GogoNetworkClub.Z | 14.10.19.16 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
52.4 KB (53,664 bytes)

Product version:
1.0.0.0

Original file name:
Interop.IWshRuntimeLibrary.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\browser+ apps+\interop.iwshruntimelibrary.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/18/2014 7:00:00 PM

Valid to:
8/19/2015 6:59:59 PM

Subject:
CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF783471861CAD78DE03A20768BF56

File PE Metadata
Compilation timestamp:
5/29/2014 4:17:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:kx3LY+sPhWVJPsedLVDUYlkXrSXVteUdztHK2z9IkCB0QtcNgtT+:UL9nVJEetVDUxSp1K2z9ID03gx+

Entry address:
0xA83E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.9248

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)
