dxdiag.exe

  • File Path: C:\WINDOWS\system32\dxdiag.exe
  • Description: Microsoft DirectX Diagnostic Tool

Runtime Data

Window Title:

DirectX Diagnostic Tool

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\dxdiag.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\apphelp.dll
C:\WINDOWS\system32\dxdiag.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dxdiag.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/6798f6b549916beb78cb7d6770e31d5258fde14f781795c5d439c2fed62fa324/detection

Possible Misuse

The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: registry_event_persistence_search_order.yml
  • Example: Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.