gdiplus.dll

Microsoft GDI+

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Microsoft GDI+

Version:
5.2.7600.16385 (win7_rtm.090713-1255)

MD5:
b860bb36739b3ce8e2dea7a529c144f1

SHA-1:
eb1df210f618055c05b66144aa1d5291ec2b75d3

SHA-256:
2c1497464352ac08784ef7be799c5d0810a3352ea9fa78495fafe9493b850d46

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
6/17/2024 9:16:50 AM UTC

File size:
1.6 MB (1,722,880 bytes)

Product version:
5.2.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
gdiplus

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\soda pdf 3d reader\gdiplus.dll

File PE Metadata
Compilation timestamp:
7/14/2009 9:03:51 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:3aXjHnlwi536NkqTl+a7lv+0FFU53qkNVBm/9JDOkuNVK9ZyBdghKdVykA:3aXjHnlwc6X+Ko5akrMxuNVKPyB0kA

Entry address:
0x15BA

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 86, FF, FF, FF, 5D, 90, 90, 90, 90, 90, 6A, 2C, 68, 88, 16, 80, 75, E8, F8, 03, 00, 00, 8B, 4D, 0C, 33, D2, 42, 89, 55, E4, 33, F6, 89, 75, FC, 89, 0D, 04, 40, 98, 75, 3B, CE, 0F, 84, BC, 08, 00, 00, 3B, CA, 0F, 85, 14, 01, 00, 00, A1, 70, 68, 98, 75, 3B, C6, 0F, 85, BB, 08, 00, 00, 39, 75, E4, 74, 5E, C7, 45, FC, 02, 00, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, DE, 01, 00, 00, 89, 45, E4, 89, 75, FC, 39, 75, E4, 74, 3E, 8B, 4D, 0C, C7, 45, FC, 03, 00...
 

Code size:
1.5 MB (1,583,616 bytes)

The file gdiplus.dll has been seen being distributed by the following 3 URLs.

http://www.zook.co.kr/zook/.../GdiPlus.dll

http://www.ezhelp.co.kr/update/.../GdiPlus.dll

Scan gdiplus.dll - Powered by Reason Core Security