» Interop.IWshRuntimeLibrary.dll
Overview
Analysis
File Details

Interop.IWshRuntimeLibrary.dll

Die Assembly wurde aus der Typbibliothek "IWshRuntimeLibrary" importiert.

Jonas Zimmermann

Interop.IWshRuntimeLibrary.dll is the library is an interop assembly of the IWshRuntimeLibrary and is recompiled by Jonas Zimmermann. The file Interop.IWshRuntimeLibrary.dll, re-signed by Jonas Zimmermann, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.

File name:

Publisher:

Jonas Zimmermann (signed and verified)

Product:

Die Assembly wurde aus der Typbibliothek "IWshRuntimeLibrary" importiert.

Version:

1.0.0.0

MD5:

420f93abb134024559d005b250b8b4fc

SHA-1:

45142daa61b395150189fdacf25f6827d7247f0f

SHA-256:

d5999d4fbb30bbae1c86adbd2d409249dfce427d7095ecd53ab0e820e09315c5

Scanner detections:

1 / 68

Status:

Inconclusive but possibly unwanted (It is part of a common redistributable library)

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 5:29:49 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ResignedInterop.JonasZimmermann.Z

14.7.27.14

File size:

54.1 KB (55,384 bytes)

Product version:

1.0.0.0

Original file name:

Interop.IWshRuntimeLibrary.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\alternative flash player auto-updater\interop.iwshruntimelibrary.dll

Digital Signature

Signed by:

Jonas Zimmermann

Authority:

COMODO CA Limited

Valid from:

3/14/2013 5:30:00 AM

Valid to:

3/15/2014 5:29:59 AM

Subject:

CN=Jonas Zimmermann, O=Jonas Zimmermann, STREET=Bellmannskamp 16, L=Lüneburg, S=Niedersachsen, PostalCode=21339, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0097B0E4EDFB699A04297A473C70575E9F

File PE Metadata

Compilation timestamp:

4/14/2012 2:54:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:5ax3LY+sPhWVJP76jNHhJWkXrSXVteUdzt3J2z9IkCB4hUtcN1MxhEftUXgk:56L9nVJWdbvSpxJ2z9ID4p1whEftzk

Entry address:

0xA95E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.0950

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

36 KB (36,864 bytes)

Scan Interop.IWshRuntimeLibrary.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.