dxdiag.exe

  • File Path: C:\WINDOWS\SysWOW64\dxdiag.exe
  • Description: Microsoft DirectX Diagnostic Tool

Screenshot

dxdiag.exe

Hashes

Type Hash
MD5 91D862C865A4E126C7254F0C20A790C1
SHA1 7087AB5D2E8BDCFEEB1F401DC7D15BE453B88669
SHA256 83DFE57C5D6FC7F8760E9F55AD6565ED1DB2709C19A1972CC02BC3F356F0216A
SHA384 74C02ECF71C139B69634AC4D9972E810A3D1DD735946DF2207DE3FA15506495AEE6C7417DF63D436BE7FC696AB314847
SHA512 35FACFD1A2E989F0DC75D17553B513E4D9774F7D739090AA5D3346CF1630A1554E7523A4A298DFF28667CD2A6EFDBB61145BF66A7B87B379EBA74D96D4AACF94
SSDEEP 3072:cW0iJPnGZn4Xbqt79AN6OWxlaAWq1LG+7wUS4g35Mg2P9:vfHg5AN6OW3JdQ4O54P
IMP 6186D7C40E113F20D06DD9C1C7AAC3B8
PESHA1 30EA1C69A0041B884ACF9404B296D16F8E74C85E
PE256 CE9DA98C9B195D40E5211F15439A049449AC4CAB2E134340DFFD4F565579226A

Runtime Data

Window Title:

DirectX Diagnostic Tool

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\dxdiag.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Windows File
(RW-) C:\Windows\SysWOW64 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\dxdiag.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dxdiag.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/83dfe57c5d6fc7f8760e9f55ad6565ed1db2709c19a1972cc02bc3f356f0216a/detection

Possible Misuse

The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_persistence_search_order.yml Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.