Interop.SHDocVw.dll

Assembly imported from type library 'SHDocVw'.

Intertech Ltd

Shdocvw.dll is part of Internet Explorer (IExplorer.exe) and performs the HTML parsing and rendering. Shdocvw.dll hosts the Mshtml.dll component, as well as any other Active Document component that can be loaded in place in the browser when the user navigates to a specific document type. This DLL exposes interfaces that allow it to be hosted separately as an ActiveX control. Interop.SHDocVw.dll is the Interop assembly for the Microsoft WebBrowser control and has been recompiled by Intertech Ltd. The file Interop.SHDocVw.dll, re-signed by Intertech Ltd, is an Interop assembly that has been integrated by a third party into a .NET application. Even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Note that this is a commonly distributed file, and although it has been detected, it might not be a threat if it is uncoupled from its distribution source.
Publisher:
Intertech Ltd  (signed and verified)

Product:
Assembly imported from type library 'SHDocVw'.

Version:
1.1.0.0

MD5:
0696e95c318f96c38fce848be73a68d9

SHA-1:
00adb7aad502ae0b05033e015aa3190a61d39f80

SHA-256:
6569cae273d6029e7e06c22939294ad3aabe45445936c02630154e3ca5f918a3

Scanner detections:
2 / 68

Status:
Adware

Explanation:
This is the Interop assembly for the Microsoft WebBrowser control. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
5/7/2024 4:21:32 PM UTC

Scan engine          Detection                          Engine version
McAfee               RDN/Generic PUP.x!xo               5600.7236
Reason Heuristics    PUP.ResignedInterop.Intertech.O    14.3.29.10

File size:
141.6 KB (144,968 bytes)

Product version:
1.1.0.0

Original file name:
Interop.SHDocVw.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\webalta toolbar\interop.shdocvw.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/21/2011 3:00:00 AM

Valid to:
4/21/2013 2:59:59 AM

Subject:
CN=Intertech Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Intertech Ltd, L=St. Petersburg, S=St. Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07B3DF414C48C14206EA24DD0AFFB11C

File PE Metadata
Compilation timestamp:
5/9/2011 11:21:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:978/Sdgy1yjgB+vMdarYJmXEewSn49GrMB6/QVujEZC3It2b8RqPgFeT0pyHYdmV:l8/Sdgy1yjgB+vMdarYJmXEXSn49GrMk

Entry address:
0x2098E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
124 KB (126,976 bytes)
