dxdiag.exe

  • File Path: C:\Windows\SysWOW64\dxdiag.exe
  • Description: Microsoft DirectX Diagnostic Tool


Hashes


Runtime Data

Window Title:

DirectX Diagnostic Tool

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\dxdiag.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\dxdiag.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dxdiag.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/c36c36c2945802feb2195ad271c98f994b22a09f6cf2a1764a190865d1d6ce2b/detection

Possible Misuse

The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| sigma | registry_event_persistence_search_order.yml | Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.