» Interop.IWshRuntimeLibrary.dll
Overview
Analysis
File Details

Interop.IWshRuntimeLibrary.dll

Assembly imported from type library 'IWshRuntimeLibrary'.

Airwaves Moves

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Interop.IWshRuntimeLibrary.dll is the library is an interop assembly of the IWshRuntimeLibrary and is recompiled by Airwaves Moves. The file Interop.IWshRuntimeLibrary.dll, re-signed by Airwaves Moves, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Airwaves Moves (signed and verified)

Product:

Assembly imported from type library 'IWshRuntimeLibrary'.

Version:

1.0.0.0

MD5:

cc0fa8afe7185aeec086f8556b60b05e

SHA-1:

69ec5b3932c8b33813393b399a597fa550919fd9

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is the library is an interop assembly of the IWshRuntimeLibrary. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:

4/24/2024 11:06:50 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Brightcircle (M)

17.3.16.0

File size:

52.4 KB (53,656 bytes)

Product version:

1.0.0.0

Original file name:

Interop.IWshRuntimeLibrary.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\cinedpv2\interop.iwshruntimelibrary.dll

Digital Signature

Signed by:

Airwaves Moves

Authority:

COMODO CA Limited

Valid from:

8/14/2014 2:00:00 AM

Valid to:

8/15/2015 1:59:59 AM

Subject:

CN=Airwaves Moves, O=Airwaves Moves, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1B38D9E53AEB06C578CCDBFFEAA46567

File PE Metadata

Compilation timestamp:

5/29/2014 11:17:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0xA83E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

36 KB (36,864 bytes)

Remove Interop.IWshRuntimeLibrary.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.