Interop.IWshRuntimeLibrary.dll

Assembly imported from type library 'IWshRuntimeLibrary'.

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. Interop.IWshRuntimeLibrary.dll is an interop assembly of the IWshRuntimeLibrary type library that has been recompiled by BadFinger Project (BrightCircle Investments Limited). The file, re-signed by BadFinger Project (BrightCircle Investments Limited), is an interop assembly that a third party has integrated into a .NET application; even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Note that this is a commonly distributed file, and although it has been detected, it might not be a threat if it is uncoupled from its distribution source. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:

Product:
Assembly imported from type library 'IWshRuntimeLibrary'.

Version:
1.0.0.0

MD5:
1ea2deeb3ca78d6dfd18330a7b976ed9

SHA-1:
a0b76b90911dda5779687218a10feaddc777d49f

SHA-256:
9a0f6cf854f53ed06bdb39ac9397fd18c0efcf82f0092ef6d74eb85c4db20db8

Scanner detections:
8 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/20/2024 3:16:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3253 |
| Clam AntiVirus | Win.Trojan.Googupdate-5 | 0.98/21511 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM (variant) | 8.10911 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2760 |
| McAfee | Artemis!1EA2DEEB3CA7 | 5600.6909 |
| Reason Heuristics | PUP.ResignedInterop.BadFingerProjectBrightCircleInvestmentsLimited.Z | 14.12.21.22 |
| Sophos | Generic PUA KA | 4.98 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
52.5 KB (53,728 bytes)

Product version:
1.0.0.0

Original file name:
Interop.IWshRuntimeLibrary.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\browserappsplus2.1\interop.iwshruntimelibrary.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 4:00:00 PM

Valid to:
11/17/2015 3:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
5/29/2014 2:17:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:0x3LY+sPhWVJPsedLVDUYlkXrSXVteUdztHK2z9IkCB0QtcNggh:EL9nVJEetVDUxSp1K2z9ID03ggh

Entry address:
0xA83E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.9281

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)
