home

Interop.SHDocVw.dll

Assembly imported from type library 'SHDocVw'.

ReSoft LTD.

Shdocvw.dll is part of Internet Explorer (IExplorer.exe) and performs the HTML parsing and rendering. Shdocvw.dll hosts the Mshtml.dll component, as well as any other Active Document component that can be loaded in place in the browser when the user navigates to a specific document type. This DLL exposes interfaces allow it to be hosted separately as an ActiveX control. Interop.SHDocVw.dll is the Interop assembly for the Microsoft WebBrowser control and is recompiled by ReSoft LTD.. The file Interop.SHDocVw.dll, re-signed by ReSoft LTD., is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
ReSoft LTD.  (signed and verified)

Product:
Assembly imported from type library 'SHDocVw'.

Version:
1.1.0.0

MD5:
55a460d51912bde3d485ad0653baa958

SHA-1:
ee6aba15f2f7d6032178ba8396dff0636e01bf57

SHA-256:
59a9248d0ae75e567d8cadfc47f61347635bccbe52427522097c50546a785cf9

Scanner detections:
1 / 68

Status:
Inconclusive but possibly unwanted  (It is part of a common redistributable library)

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 2:58:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ResignedInterop.ReSoft.O
14.10.19.18

File size:
143 KB (146,432 bytes)

Product version:
1.1.0.0

Original file name:
Interop.SHDocVw.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\smartbar\application\interop.shdocvw.dll

Digital Signature
Signed by:
ReSoft LTD.

Authority:
COMODO CA Limited

Valid from:
7/30/2012 8:00:00 AM

Valid to:
7/31/2013 7:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
9/1/2010 11:23:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:aP+bWlaVHMhGjIdCf05e7w16BuIJyzEVefgBarctG345ij0FOPQxKbMd2nopSTk5:u+bWlaVHMhGjIdCf05e7w16UIJyzEVeg

Entry address:
0x202DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.4362

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
124 KB (126,976 bytes)

Scan Interop.SHDocVw.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.