dxdiag.exe
- File Path:
C:\Windows\system32\dxdiag.exe - Description: Microsoft DirectX Diagnostic Tool
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 19AB5AD061BF013EBD012D0682DF37E5 |
| SHA1 | 12D398377984569695F4882C5734D5A7CFD727DE |
| SHA256 | B3C1048DF7A2292798EFCAD66B3400C5C3C5747E8F09993621FD0DE7B33A159C |
| SHA384 | 3C224B1C8AE1847A1908936760FC76F48948F3ABAFA77A3FA738DE651CE421C4ACB6BCB33FCEBBB9F067ED1318040482 |
| SHA512 | 2142C9F06A87FF8901705C022CA5BA0C768BA4484A32DB596361D04C149B390191BBE05392BCB724FC9F2B172C2817F7B9F9FECD130A4A894FEA5D72ECF10647 |
| SSDEEP | 6144:kVzfxC1imqncQXy9194csa8iy9JBl6glJVJ3UkvhZ3P:t1iJckY6hDUUP |
| IMP | 6B783B76A766357333E369590AB75C80 |
| PESHA1 | B1C1DBBE0476C8DD46E89332F094E5D0C49AD2A5 |
| PE256 | 34FA29C4BA811485B176351EFD1E93A1681C824A2E1371E75FB4E33E62E7535C |
Runtime Data
Window Title:
DirectX Diagnostic Tool
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\dxdiag.exe.mui | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\Windows\Theme1175649999 | Section |
| \Windows\Theme601709542 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\SYSTEM32\apphelp.dll |
| C:\Windows\system32\dxdiag.exe |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: dxdiag.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/76
- VirusTotal Link: https://www.virustotal.com/gui/file/b3c1048df7a2292798efcad66b3400c5c3c5747e8f09993621fd0de7b33a159c/detection
Possible Misuse
The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_persistence_search_order.yml | Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.