gdiplus.dll

Microsoft GDI+

Microsoft Corporation

This is installed with Microsoft Photo Premium 10.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Microsoft GDI+

Version:
5.1.3102.1360 (xpsp2.040109-1800)

MD5:
871c903a90c45ca08a9d42803916c3f7

SHA-1:
d962a12bc15bfb4c505bb63f603ca211588958db

SHA-256:
f1da32183b3da19f75fa4ef0974a64895266b16d119bbb1da9fe63867dba0645

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/24/2024 7:31:47 AM UTC

File size:
1.6 MB (1,645,320 bytes)

Product version:
5.1.3102.1360

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
gdiplus

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gdiplus.dll

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/30/2003 5:22:43 PM

Valid to:
8/30/2004 5:32:43 PM

Subject:
CN=Microsoft Windows XP Publisher, OU=Copyright (c) 2003 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
6106513F000000000035

File PE Metadata
Compilation timestamp:
3/2/2004 10:38:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.0

CTPH (ssdeep):
24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X

Entry address:
0x351FC

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 0F, 84, 48, E0, 04, 00, 83, FE, 01, 75, 43, A1, 6C, C6, E6, 70, 85, C0, 0F, 85, 42, E0, 04, 00, 57, 56, 53, E8, E8, 00, 00, 00, 85, C0, 0F, 84, 3F, E0, 04, 00, 57, 56, 53, E8, 67, FF, FF, FF, 83, FE, 01, 89, 45, 0C, 0F, 85, 3A, E0, 04, 00, 85, C0, 0F, 84, 2A, E0, 04, 00, 8B, 45, 0C, 5F, 5E, 5B, 5D, C2, 0C, 00, 83, FE, 02, 75, D5, EB, B6, 8B, 45, 08, 85, C0, 74, 03, 83, 20, 00, FF, 03, 5F, 5B, C9, C3, 55, 8B, EC, 51, 51, 53, 56, 57, 33, FF...
 

Entropy:
6.7878

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,482,752 bytes)

The file gdiplus.dll has been discovered within the following program.

Microsoft Photo Premium 10  by Microsoft Corporation
Publisher's description - “Microsoft Picture It! Premium 10 offers easy-to-use photo tools for digital camera owners who want a complete digital photo solution. Use project templates for photo cards, calendars, labels, flyers, and more to make sure your photos always look their best.”
go.microsoft.com/fwlink/?linkid=29535&clcid=0x809

The file gdiplus.dll has been seen being distributed by the following 9 URLs.
