home

Interop.IWshRuntimeLibrary.dll

Assembly imported from type library 'IWshRuntimeLibrary'.

Hike Zone Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Interop.IWshRuntimeLibrary.dll is the library is an interop assembly of the IWshRuntimeLibrary and is recompiled by Hike Zone Plus. The file Interop.IWshRuntimeLibrary.dll, re-signed by Hike Zone Plus, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Hike Zone Plus  (signed and verified)

Product:
Assembly imported from type library 'IWshRuntimeLibrary'.

Version:
1.0.0.0

MD5:
1f9881f40594da5af8e03599ef0de664

SHA-1:
c4706caad185d2ecfa936f1f46d36a9a23babf16

SHA-256:
00da56e2e1d8ad98567fb442953b3f56f7b30a925c2f56800f43064745b435e1

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This is the library is an interop assembly of the IWshRuntimeLibrary. While the file itself is not dangerous, it is part of a program that has been detected. Distributed through the Brightcircle investments brand.

Analysis date:
4/23/2024 7:02:31 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Crossrider-Z [PUP]
2014.9-141022

AVG
Generic
2015.0.3313

Clam AntiVirus
Win.Trojan.Googupdate-5
0.98/21411

Kaspersky
Trojan.NSIS.GoogUpdate
14.0.0.3062

nProtect
Trojan-Clicker/W32.Agent.53656
14.10.19.01

Qihoo 360 Security
Win32/Trojan.93d
1.0.0.1015

Reason Heuristics
PUP.ResignedInterop.HikeZonePlus.Z
14.10.22.15

Vba32 AntiVirus
Trojan.GoogUpdate
3.12.26.3

File size:
52.4 KB (53,656 bytes)

Product version:
1.0.0.0

Original file name:
Interop.IWshRuntimeLibrary.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\hd01-v2.1v25.09\interop.iwshruntimelibrary.dll

Digital Signature
Signed by:
Hike Zone Plus

Authority:
COMODO CA Limited

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:tx3LY+sPhWVJPsedLVDUYlkXrSXVteUdztHK2z9IkCB0QtcNg1Z:vL9nVJEetVDUxSp1K2z9ID03g1Z

Entry address:
0xA83E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.9244

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)

Remove Interop.IWshRuntimeLibrary.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.