dxdiag.exe
- File Path:
C:\Windows\SysWOW64\dxdiag.exe - Description: Microsoft DirectX Diagnostic Tool
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 24D3F0DB6CCF0C341EA4F6B206DF2EDF |
| SHA1 | B65ED4B4B1FB9CC5C128EE48A0B7CD326BA3AC93 |
| SHA256 | C36C36C2945802FEB2195AD271C98F994B22A09F6CF2A1764A190865D1D6CE2B |
| SHA384 | 0B7A23E752E83A37C0E0D42C47B3FA73E93860039F1A75252DC7DF1002EA69D3C02C611D345F4F61CFDAC77B25AE0417 |
| SHA512 | 7C4CC31303C59903E74B29B6EC14138611567A09281A4728D2B2A9B170E14344395173C1D97DF34B2F0391BC7365AC856884643C857325C3EA293AEF643C53E7 |
| SSDEEP | 3072:MMlaJEzHyusOl081O6Zdtx7SNchIarfvdNpNXXR2P9K:k0HF/1l9lhIabdNpNMP |
| IMP | E0714F696F6DB2113819D17A314D083F |
| PESHA1 | 009B1E0505A2A54960E01C9C6326BB1107A24364 |
| PE256 | 8EF6F6A10D97BD2D3A56D50EE74406275B2886DF67508DCC258D37D37ACF835F |
Runtime Data
Window Title:
DirectX Diagnostic Tool
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\dxdiag.exe.mui | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\Windows\Theme1175649999 | Section |
| \Windows\Theme601709542 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\dxdiag.exe |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: dxdiag.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/75
- VirusTotal Link: https://www.virustotal.com/gui/file/c36c36c2945802feb2195ad271c98f994b22a09f6cf2a1764a190865d1d6ce2b/detection
Possible Misuse
The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_persistence_search_order.yml | Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.