home

gdiplus.dll

Microsoft GDI+

China Merchants Bank Co., Ltd

Publisher:
Microsoft Corporation  (signed by China Merchants Bank Co., Ltd)

Product:
Microsoft® Windows® Operating System

Description:
Microsoft GDI+

Version:
5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)

MD5:
cd2b5ee38135a95b01ce0a406bbb4dee

SHA-1:
54b65c7fe7ea9060f8b54d5432ef039876142112

SHA-256:
08d2668e965c2a8694e9e8605d889e061f28072191c3900166d572dc64105c73

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 4:31:26 AM UTC  (today)

File size:
1.7 MB (1,730,448 bytes)

Product version:
5.1.3102.3352

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
gdiplus

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gdiplus.dll

Digital Signature
Signed by:
China Merchants Bank Co., Ltd

Authority:
VeriSign, Inc.

Valid from:
5/14/2009 8:00:00 AM

Valid to:
5/15/2010 7:59:59 AM

Subject:
CN="China Merchants Bank Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="China Merchants Bank Co., Ltd", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2D71B63278C02925DA535C27D6FF4A33

File PE Metadata
Compilation timestamp:
4/16/2008 1:55:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
24576:iQDlA7rUYkSvN7vAesH3WcZYZvTMXxcHk66XvfqZ5phx4TMEGmOlIF:iQ5A7rVn1keOWyY5Mhg+v8N8+IF

Entry address:
0x1F66D

Entry point:
8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 0F, 84, 94, 0E, 00, 00, 83, FE, 01, 0F, 85, 97, 0E, 00, 00, A1, 20, 09, 01, 4B, 85, C0, 0F, 85, AC, 93, 06, 00, 57, 56, 53, E8, BC, FE, FF, FF, 85, C0, 0F, 84, A9, 93, 06, 00, 57, 56, 53, E8, 23, 00, 00, 00, 83, FE, 01, 89, 45, 0C, 0F, 85, 7E, 0E, 00, 00, 85, C0, 0F, 84, 94, 93, 06, 00, 8B, 45, 0C, 5F, 5E, 5B, 5D, C2, 0C, 00, 90, 90, 90, 90, 90, 6A, 08, 68, 20, F7, EA, 4A, E8, 65, 1E, FE, FF, 33, F6, 46, 8B, 45, 0C, 83, E8, 00, 0F...
 
[+]

Entropy:
6.7431

Code size:
1.5 MB (1,568,768 bytes)

Scan gdiplus.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.