home

Interop.SHDocVw.dll

Assembly imported from type library 'SHDocVw'.

Linkury

Shdocvw.dll is part of Internet Explorer (IExplorer.exe) and performs the HTML parsing and rendering. Shdocvw.dll hosts the Mshtml.dll component, as well as any other Active Document component that can be loaded in place in the browser when the user navigates to a specific document type. This DLL exposes interfaces allow it to be hosted separately as an ActiveX control. This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenues. Interop.SHDocVw.dll is the Interop assembly for the Microsoft WebBrowser control and is recompiled by Linkury. The file Interop.SHDocVw.dll, re-signed by Linkury, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.
Publisher:
Linkury  (signed and verified)

Product:
Assembly imported from type library 'SHDocVw'.

Version:
1.1.0.0

MD5:
9d58e579241746c77f0fc917e2777e8d

SHA-1:
50f738686e9b0fefb245386440424b46792d03b4

SHA-256:
08fb4074adb58c6af2d8d73ca9280ad1965345b55a5ee08c4ab45208c4c7eeb4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the Interop assembly for the Microsoft WebBrowser control. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/23/2024 4:00:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Linkury (M)
17.2.26.14

File size:
142.3 KB (145,688 bytes)

Product version:
1.1.0.0

Original file name:
Interop.SHDocVw.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\assembly\gac_msil\interop.shdocvw\1.1.0.0__84542ff99aed6a4d\interop.shdocvw.dll

Digital Signature
Signed by:
Linkury

Authority:
VeriSign, Inc.

Valid from:
4/12/2012 2:00:00 AM

Valid to:
5/12/2015 1:59:59 AM

Subject:
CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
77A9B89A06B99100955A838E8BB46FF8

File PE Metadata
Compilation timestamp:
9/1/2010 5:23:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x202DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
124 KB (126,976 bytes)

Remove Interop.SHDocVw.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.