» gdiplus.dll
Overview
Analysis
File Details
Downloads (3)

gdiplus.dll

Microsoft GDI+

Microsoft Corporation

File name:

gdiplus.dll

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Microsoft GDI+

Version:

5.1.3097.0 (xpclient.010817-1148)

MD5:

3317698f2090dd811f0aa93190e13c82

SHA-1:

c38988e544df349bcfe4b51cb383ab206e2fc06b

SHA-256:

830915b87cbc95217f58b8b499f73b618607c0164e0aa1217722eae18c1fb321

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/25/2024 1:15:51 AM UTC (today)

File size:

1.6 MB (1,706,800 bytes)

Product version:

5.1.3097.0

Original file name:

gdiplus

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\gdiplus.dll

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

3/29/2001 4:27:26 PM

Valid to:

5/29/2002 4:37:26 PM

Subject:

Issuer:

Serial number:

61062A8D00000000000B

File PE Metadata

Compilation timestamp:

8/18/2001 12:33:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

7.0

CTPH (ssdeep):

24576:TSWwWpX3g7mgl074FUSIgi3g4bMG0x15IMQMLklslaswMeEd5DoQbcnO5c/KjO:ThwltF7C3/ouMvoslp3onL

Entry address:

0x1FDF

Entry point:

55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 0F, 84, 9B, 13, 01, 00, 83, FE, 01, 0F, 85, 9E, 13, 01, 00, A1, 20, A6, E7, 70, 85, C0, 0F, 85, BB, 0D, 08, 00, 57, 56, 53, E8, CF, FE, FF, FF, 85, C0, 0F, 84, B8, 0D, 08, 00, 57, 56, 53, E8, 1E, 00, 00, 00, 83, FE, 01, 89, 45, 0C, 0F, 85, 86, 13, 01, 00, 85, C0, 0F, 84, A3, 0D, 08, 00, 8B, 45, 0C, 5F, 5E, 5B, 5D, C2, 0C, 00, 6A, 08, 68, 60, BC, D5, 70, E8, 63, FC, FF, FF, 33, F6, 46, 8B, 45, 0C, 83, E8, 00, 0F, 84, 9A, 1E, 01, 00, 48, 75... 
[+]

Entropy:

6.8294

Developed / compiled with:

Microsoft Visual C++

Code size:

1.5 MB (1,544,192 bytes)

The file gdiplus.dll has been seen being distributed by the following 3 URLs.

ftp://172.17.8.88/programebi/Printer Driver/Canon/.../gdiplus.dll

https://mail-attachment.googleusercontent.com/attachment/u/.../?ui=2&ik=1f6d01e909&view=att&th=15069e06f591f5d7&attid=0.3&disp=safe&realattid=f_ifrrczvd2&zw&saddbat=ANGjdJ8gIR7AmnvdBWl_JhszY_pBhogCz0Mga4jva0TTb93cjy02-FFpBJnn6bo5aR7-z4dX8BHaV3euWMTSTiyB4v1_SUxo5xuEJkmnuyWRmVsD7YPHOLPVSOW2EdboA_fy10b90vcTxv8nBGmV6y0UjHj7ZWILFxLd3xBobWxQVytGB6-pyAqLGtjs6M1vwc8A8qLfQ77HEkwKKvehpdGe4z4091OyLSPIy1V8uy7JQzSCtni-8qgtkSDaql5LccPGF0Jjs7soNsFbxFSFZz4DgVjt_mMw7T8hJxJyU_f4brAeQfdunBZv6szO9m1kdpL6FQ0i3TG4g1cfHijQrpaljhAOzR4BmOaiKtwc56zkx_TYbQgm8bce1E6gN5yMAmiUPIWCFZR9mWzgQEmQrSC-Spu2BiYgCUogCqoIBZg84ejXvS47FEXPlsT1ArUJB8bhOVx2y0ZMiNTuXu7RsUgTeGr_SP3Ymi0--vvSogijUNL-y9tR8kCLojh1o4AFtTtvpb0L442jdj_pQuXMR0rHMzsAAObU0NB0Ggex3Jwgv0EWnTnpyMiflKyzWEh1dzi-7reEtEgC9bz43jEiPl3UO9ib540_azBs8l06vL0KYqC8SX6A_9lGZBXozY0

http://downloads.xara.com/downloads/software/xaraxsubs/.../GDIPlus.dll

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.