home

gdiplus.dll

MD5:
25fad0a68d734199f6a87874340e6b7a

SHA-1:
266a584e2d8e030d53ffb0795a498ad3b4e5b5a2

SHA-256:
8b590d44849714731e10ba621d22ed9f5c43692c03493a33853479b25bfe6afd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 8:22:01 PM UTC  (today)

File size:
748.8 KB (766,802 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\gdiplus.dll

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:1ZFQsbdAuxuWMoaCbfR0uxs8zqHQSp/Q5ac1ANN06gDF8BabBo5jiscW/P6hkZ0U:1lnuW3bfR0FeqHj/iXK/5aF8BabKykR

Entry point:
4D, 53, 43, 46, 00, 00, 00, 00, 52, B3, 0B, 00, 00, 00, 00, 00, 2C, 00, 00, 00, 00, 00, 00, 00, 03, 01, 01, 00, 01, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 35, 00, 03, 15, 00, 50, 1A, 00, 00, 00, 00, 00, 00, 00, 79, 32, 26, 00, 60, 00, 47, 64, 69, 50, 6C, 75, 73, 2E, 64, 6C, 6C, 00, DA, 15, EB, EB, D8, 28, 00, 80, 5B, 80, 80, 8D, 05, 20, 29, 92, 8D, 13, 00, 40, 64, 00, 44, 12, 00, 60, 00, 00, E9, 5F, 29, 4F, 07, ED, DA, 94, BD, D8, 56, 0A, 92, C8, 5E, 87, F5, EE, BA, 79, DA, DE, B2, DA, AE, 53, F7, EF...
 
[+]

Entropy:
7.9996  (probably packed)

The file gdiplus.dll has been seen being distributed by the following 4 URLs.

http://mylabs.px.pearsoned.com/SIMrepository/web/.../wxOpIBII7IUdYgP2GP&SessionID=vn5qedntxipy3xki0mofbl5n

http://mylabs.px.pearsoned.com/SIMrepository/.../servecontent.pctp?intAssetID=6&FileMode=3&TokenID=o7BCPvps9Uhg94w5taZmyICUe3yozu4j&SessionID=c3z0pp4oz2ktgrbc2agmo2ei

http://mylabs.px.pearsoned.com/SIMrepository/web/.../UyowKQys8hFMAuMHS&SessionID=2hmgl2x0ezqsc3gqijvtc5el

http://mylabs.px.pearsoned.com/SIMrepository/.../servecontent.pctp?intAssetID=6&FileMode=3&TokenID=8qwGBHbQMcUcXeQOXkQukqJjpIQ1ADRy&SessionID=sqwpozcdci55sfuvrk22oajl

Scan gdiplus.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.