» gdiplus.dll
Overview
Analysis
File Details
Downloads (1)

gdiplus.dll

Microsoft GDI+

Microsoft Corporation

File name:

gdiplus.dll

Publisher:

Microsoft Corporation

Product:

Microsoft® Windows® Operating System

Description:

Microsoft GDI+

Version:

10.0.10586.20 (th2_release_sec.151123-1940)

MD5:

302a0be9fa2874a3e99c0e25c992e7c7

SHA-1:

062d541b0d5cb606067d2755832dd7226802f462

SHA-256:

e4bae18555f81aad2f12bcb3620bbe5e6de84f89dcefe4c4b3b26bdee0e51773

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/29/2024 2:27:30 AM UTC (today)

File size:

1.4 MB (1,467,392 bytes)

Product version:

10.0.10586.20

Original file name:

gdiplus

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.20_none_22adb5eaa762c7fa\gdiplus.dll

File PE Metadata

Compilation timestamp:

11/24/2015 2:59:27 AM

OS version:

10.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

12.10

CTPH (ssdeep):

24576:lPvIPkVzlI8Hvbqa+HN0lqgpgH4OSyfrj11j6FJwZgA0XdaKL3fPSi448ux1WTEb:1vIayH4OPkaKL3fPSi448G1WTEaeV6Cz

Entry address:

0x6E360

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C8, 06, 00, 00, 5D, E9, 2A, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, B8, 63, 73, 6D, E0, 39, 45, 08, 75, 0D, FF, 75, 0C, 50, E8, 2B, 05, 00, 00, 59, 59, 5D, C3, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 6A, 30, 68, D8, 31, 14, 10, E8, 40, 07, 00, 00, C7, 45, E0, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 00, 90, 14, 10, 83, 7D, 0C, 00, 75, 11, 83, 3D, 90, 96, 14, 10, 00, 75, 08, 89, 75, E0, E9, 39, 02, 00, 00, 8B, 45, 0C, 83... 
[+]

Code size:

1.3 MB (1,340,928 bytes)

The file gdiplus.dll has been seen being distributed by the following URL.

https://dub129.mail.live.com/.../ScanAttachment.aspx?messageid=mgiIpjlbr55RGOeGw75af7gA2&attindex=0&cp=-1&attdepth=0&blob=MHxHZGlQbHVzLmRsbHxhcHBsaWNhdGlvbi94LW1zZG93bmxvYWQ_3d&entryPt=download&biciPrevious=a3e0e2a4-6296-4580-a779-fd981e8cea2a_0087055c9d7_5705

Scan gdiplus.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.