dxdiag.exe

  • File Path: C:\Windows\system32\dxdiag.exe
  • Description: Microsoft DirectX Diagnostic Tool

Screenshot

dxdiag.exe

Hashes

Type Hash
MD5 19AB5AD061BF013EBD012D0682DF37E5
SHA1 12D398377984569695F4882C5734D5A7CFD727DE
SHA256 B3C1048DF7A2292798EFCAD66B3400C5C3C5747E8F09993621FD0DE7B33A159C
SHA384 3C224B1C8AE1847A1908936760FC76F48948F3ABAFA77A3FA738DE651CE421C4ACB6BCB33FCEBBB9F067ED1318040482
SHA512 2142C9F06A87FF8901705C022CA5BA0C768BA4484A32DB596361D04C149B390191BBE05392BCB724FC9F2B172C2817F7B9F9FECD130A4A894FEA5D72ECF10647
SSDEEP 6144:kVzfxC1imqncQXy9194csa8iy9JBl6glJVJ3UkvhZ3P:t1iJckY6hDUUP
IMP 6B783B76A766357333E369590AB75C80
PESHA1 B1C1DBBE0476C8DD46E89332F094E5D0C49AD2A5
PE256 34FA29C4BA811485B176351EFD1E93A1681C824A2E1371E75FB4E33E62E7535C

Runtime Data

Window Title:

DirectX Diagnostic Tool

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\dxdiag.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\system32\dxdiag.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dxdiag.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/b3c1048df7a2292798efcad66b3400c5c3c5747e8f09993621fd0de7b33a159c/detection

Possible Misuse

The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_persistence_search_order.yml Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.