Interop.IWshRuntimeLibrary.dll

Assembly imported from type library 'IWshRuntimeLibrary'.

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisements on web pages that are not affiliated with the extension or its company. These unwanted advertisements are injected by the extension into the browser in the form of common ad types such as banners and text links. Interop.IWshRuntimeLibrary.dll is an interop assembly of the IWshRuntimeLibrary and has been recompiled by Robokid Technologies. The file, re-signed by Robokid Technologies, is an interop assembly that has been integrated by a third party into a .NET application; even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Although a detection has been made for this resource, it is generally a commonly distributed third-party library and is typically safe by itself. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.

Publisher:
Robokid Technologies  (signed and verified)

Product:
Assembly imported from type library 'IWshRuntimeLibrary'.

Version:
1.0.0.0

MD5:
872a13ef3e15a9098a791878481f76cc

SHA-1:
4b8ae9278f3429b136c3524333eb6f31db25c62c

SHA-256:
970f629f8dc36fd73090fedd6ae58a07b64c05bec49efec1352068c179551dd3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This library is an interop assembly of the IWshRuntimeLibrary. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
5/29/2020 5:52:47 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Brightcircle (M)

Engine version:
17.3.16.4

File size:
50 KB (51,224 bytes)

Product version:
1.0.0.0

Original file name:
Interop.IWshRuntimeLibrary.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\plus-hd-v1.1\interop.iwshruntimelibrary.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
5/29/2014 10:17:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xA83E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.7481

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)
