home

gdiplus.dll

Microsoft GDI+

Novoasoft Corporation

Publisher:
Microsoft Corporation  (signed by Novoasoft Corporation)

Product:
Microsoft® Windows® Operating System

Description:
Microsoft GDI+

Version:
5.1.3097.0 (xpclient.010817-1148)

MD5:
c6dfd11aea4902862dadab7810c2ab44

SHA-1:
d834089a55e3110e77a6d1b8d9f56b39400143aa

SHA-256:
b12ac6a563e2ae2c13f79b5c5abc28dbe5d58427aa9f4c715cc759f5da379412

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 11:19:36 AM UTC  (today)

File size:
1.6 MB (1,707,968 bytes)

Product version:
5.1.3097.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
gdiplus

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gdiplus.dll

Digital Signature
Signed by:
Novoasoft Corporation

Authority:
VeriSign, Inc.

Valid from:
5/28/2014 7:00:00 AM

Valid to:
5/29/2015 6:59:59 AM

Subject:
CN=Novoasoft Corporation, OU=Product Department, O=Novoasoft Corporation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
487D727CD3B765BAA8B8016DDAA6E88B

File PE Metadata
Compilation timestamp:
8/18/2001 12:33:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.0

CTPH (ssdeep):
24576:5SWwWpX3g7mgl074FUSIgi3g4bMG0x15IMQMLklslaswMeEd5DoQbcnO5c/Kz:5hwltF7C3/ouMvoslp3onS

Entry address:
0x1FDF

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 0F, 84, 9B, 13, 01, 00, 83, FE, 01, 0F, 85, 9E, 13, 01, 00, A1, 20, A6, E7, 70, 85, C0, 0F, 85, BB, 0D, 08, 00, 57, 56, 53, E8, CF, FE, FF, FF, 85, C0, 0F, 84, B8, 0D, 08, 00, 57, 56, 53, E8, 1E, 00, 00, 00, 83, FE, 01, 89, 45, 0C, 0F, 85, 86, 13, 01, 00, 85, C0, 0F, 84, A3, 0D, 08, 00, 8B, 45, 0C, 5F, 5E, 5B, 5D, C2, 0C, 00, 6A, 08, 68, 60, BC, D5, 70, E8, 63, FC, FF, FF, 33, F6, 46, 8B, 45, 0C, 83, E8, 00, 0F, 84, 9A, 1E, 01, 00, 48, 75...
 
[+]

Entropy:
6.8305

Developed / compiled with:
Microsoft Visual C++

Code size:
1.5 MB (1,544,192 bytes)

Scan gdiplus.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.