home

Interop.SHDocVw.dll

Assembly imported from type library 'SHDocVw'.

Linkury

Shdocvw.dll is part of Internet Explorer (IExplorer.exe) and performs the HTML parsing and rendering. Shdocvw.dll hosts the Mshtml.dll component, as well as any other Active Document component that can be loaded in place in the browser when the user navigates to a specific document type. This DLL exposes interfaces allow it to be hosted separately as an ActiveX control. This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenues. Interop.SHDocVw.dll is the Interop assembly for the Microsoft WebBrowser control and is recompiled by Linkury. The file Interop.SHDocVw.dll, re-signed by Linkury, is an Interop assembly that has been intergated by a 3rd-party into a .Net application, even though the assembly itself is most likely safe, it has been recompiled by a potentially unwanted program. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Linkury  (signed and verified)

Product:
Assembly imported from type library 'SHDocVw'.

Version:
1.1.0.0

MD5:
fa4b99f7e2420f04b7b7e0e71efeca69

SHA-1:
cafbaa9d4e283078201c223752bef6986e1612cb

SHA-256:
50bd44cbcef1e786ca4adfcba04347a8cb0cc533e718e350d60fed6862408b2b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the Interop assembly for the Microsoft WebBrowser control. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/23/2024 3:51:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Linkury (M)
17.3.9.1

File size:
141.8 KB (145,240 bytes)

Product version:
1.1.0.0

Original file name:
Interop.SHDocVw.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\assembly\gac_msil\interop.shdocvw\1.1.0.0__84542ff99aed6a4d\interop.shdocvw.dll

Digital Signature
Signed by:
Linkury

Authority:
VeriSign, Inc.

Valid from:
4/12/2012 2:00:00 AM

Valid to:
5/12/2015 1:59:59 AM

Subject:
CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
77A9B89A06B99100955A838E8BB46FF8

File PE Metadata
Compilation timestamp:
9/1/2010 5:23:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x202DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
124 KB (126,976 bytes)

Remove Interop.SHDocVw.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.