gdi32.dll

GDI Client DLL

Microsoft Corporation

The GDI32 library exports Graphics Device Interface (GDI) functions that applications use for drawing, text output, and font management. The file has been seen being downloaded from www.aodrag.es and multiple other hosts.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
GDI Client DLL

 
Part of the Windows Operating System

Version:
10.0.10240.16390 (th1_st1.150714-1601)

MD5:
f9f22dbc2ff1e7f00b6948545dd2ad1c

SHA-1:
8cc1b12cb4008e6bf803cb2b6fe0dbf4a20194eb

SHA-256:
4b969d85b97ed37a2109892418252db564db21fb09722b49cca462ff2042b6b9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/27/2024 11:44:08 AM UTC  (today)

File size:
1.5 MB (1,591,856 bytes)

Product version:
10.0.10240.16390

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
gdi32

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\gdi32.dll

Digital Signature
Authority:
Microsoft Corporation

Valid from:
7/1/2014 1:32:01 PM

Valid to:
10/1/2015 1:32:01 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000004EA1D80770A9BBE94400000000004E

File PE Metadata
Compilation timestamp:
7/14/2015 6:34:04 PM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.10

CTPH (ssdeep):
24576:86eP9qBev3wWV6fHr+DnkDMpUUE5v2cpRsJjShY:aqBpWV/nkw45Qp

Entry address:
0x4D020

Entry point:
48, 83, EC, 28, 83, FA, 01, 75, 0B, FF, 15, 49, D2, 07, 00, E8, 6C, 02, 00, 00, B8, 01, 00, 00, 00, 48, 83, C4, 28, C3, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, B9, 5F, 11, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 42, 00, 00, 00, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 33, C9, FF, 15, 93, D0, 07, 00, 48, 8B, CB, FF, 15, 92, D0, 07, 00, FF, 15, CC, D2, 07, 00, 48, 8B, C8, BA, 09, 04, 00, C0, 48, 83, C4, 20...
 

Entropy:
5.8190

Code size:
800.5 KB (819,712 bytes)

Session Manager Known Dll
Name:
gdi32


The file gdi32.dll has been seen being distributed by the following 2 URLs.