home

Interop.IWshRuntimeLibrary.dll

Die Assembly wurde aus der Typbibliothek "IWshRuntimeLibrary" importiert.

Jonas Zimmermann

Interop.IWshRuntimeLibrary.dll is the library is an interop assembly of the IWshRuntimeLibrary and is recompiled by Jonas Zimmermann. The file Interop.IWshRuntimeLibrary.dll, re-signed by Jonas Zimmermann, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.
Publisher:
Jonas Zimmermann  (signed and verified)

Product:
Die Assembly wurde aus der Typbibliothek "IWshRuntimeLibrary" importiert.

Version:
1.0.0.0

MD5:
8e6d2df69c4243b493675e1e45fd93b8

SHA-1:
68cce5bb7e4bb4f68332b926aabf143aeb959f02

SHA-256:
8ee43a36e7e93976be93fd6f2c481d263bd15ab22f6a8a1d44bd622573cee1f1

Scanner detections:
1 / 68

Status:
Inconclusive but possibly unwanted  (It is part of a common redistributable library)

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/7/2024 6:03:49 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ResignedInterop.JonasZimmermann.Z
14.7.27.14

File size:
54.1 KB (55,384 bytes)

Product version:
1.0.0.0

Original file name:
Interop.IWshRuntimeLibrary.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\alternative flash player auto-updater\interop.iwshruntimelibrary.dll

Digital Signature
Signed by:
Jonas Zimmermann

Authority:
COMODO CA Limited

Valid from:
3/13/2013 8:00:00 PM

Valid to:
3/14/2014 7:59:59 PM

Subject:
CN=Jonas Zimmermann, O=Jonas Zimmermann, STREET=Bellmannskamp 16, L=Lüneburg, S=Niedersachsen, PostalCode=21339, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0097B0E4EDFB699A04297A473C70575E9F

File PE Metadata
Compilation timestamp:
6/29/2013 7:12:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:gx3LY+sPhWVJP76jNHhJWkXrSXVteUdzt3J2z9IkCBzhUtcN1VxhEftUv:4L9nVJWdbvSpxJ2z9IDzp1rhEftu

Entry address:
0xA95E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.0945

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)

Scan Interop.IWshRuntimeLibrary.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.