WINGDI1.dll

WINGDI1

Capital Intellect Inc

The module WINGDI1.dll by Capital Intellect Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Capital Intellect Inc  (signed and verified)

Product:
WINGDI1

Version:
2005.01.0002

MD5:
1ca83e62411dbff16e223bd221553015

SHA-1:
034ef7b8020d9cbc40b178362f08c9c2cc128052

SHA-256:
758b67ca846ab6eaf313b6b6311cdc1677b5bbfbe4e6ce611c1018e902b2e802

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 11:13:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.CapitalIntellect.H

Engine version:
14.9.27.19

File size:
122.1 KB (125,080 bytes)

Product version:
2005.01.0002

Copyright:
Copyright (c) 2003-2005. Capital Intellect Inc

Trademarks:
Copyright (c) 2003-2005. All Rights Reserved. Capital Intellect Inc

Original file name:
WINGDI1.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\wingdi1.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/9/2005 8:00:00 PM

Valid to:
6/10/2006 7:59:59 PM

Subject:
CN=Capital Intellect Inc, OU=Winferno Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Capital Intellect Inc, L=Boston, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
73F02771770397365C7AA841E5C43539

Registration
CLSIDs:
{0BB338AE-1E59-4E67-A322-FA46F0C4C28F}, {250EEE99-7900-40A4-8383-00066A2921D0}, {5BB21ABC-9708-4490-BF1D-3CBD3A325656}, {8AA44962-3013-49C0-A8BF-64388EAD7D2B}, {B5702C94-DA84-481E-B3AA-08168C6F2D59}, {CEEFC5E6-BB81-462C-8267-D13A041BD5CA}

ProgIDs:
WINGDI1.GDIPImage, WINGDI1.GDIPFrameDimension, WINGDI1.GDIPGraphics, WINGDI1.GDIPBitmap, WINGDI1.GDIPImageDecoderList, WINGDI1.GDIPlusGlobal, WINGDI1.GDIPImageEncoderList

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/11/2005 12:23:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:7Pysg2/OMamU0ert/+QyIixETPco/3Fp0E+oWbsikwW1Rs7BQkNoPPX9Y:LbJ/OMAwIix8co/3sEAoHi

Entry address:
0x1D34

Entry point:
5A, 68, 10, 4D, 43, 17, 68, 14, 4D, 43, 17, 52, E9, E7, FF, FF, FF, 00, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 95, BF, F6, A6, 7F, B3, A1, 44, B8, D4, D6, C5, 7E, 9B, FA, 9C, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 57, 49, 4E, 47, 44, 49, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0D, 00, 00, 00, 6A, 7D, D8, C1, 7E, FC, 22, 42, 94, AD, 48, C6, AC, 20, 0C, 10, 01, 00, 00, 00, A0, 00, 00, 00...
 

Entropy:
5.5180

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
76 KB (77,824 bytes)

Automation Object
CLSID:
{0BB338AE-1E59-4E67-A322-FA46F0C4C28F}

CLSID name:
WINGDI1.GDIPImage

