dxdiag.exe
- File Path:
C:\WINDOWS\system32\dxdiag.exe - Description: Microsoft DirectX Diagnostic Tool
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | D29D0355BB1CC2712C78E1A34146B006 |
| SHA1 | EFE2F700484B87559E2D321A12DD79B067C940C9 |
| SHA256 | 6798F6B549916BEB78CB7D6770E31D5258FDE14F781795C5D439C2FED62FA324 |
| SHA384 | 2BAB047D679732552EFCDECF09C4AE047DCD94DE09926F9EE1827EB9D75A48E133A0155E2FF82961ABDD834A8527DA83 |
| SHA512 | C65468DDA883D4ED238E572A448E5C294C7F9D6428D62D266CF343DF4C3FF0EECA6B77894E6BDBDB700C484A74E6E76D771BBA4EFB6217415D1833C503A3CBF4 |
| SSDEEP | 6144:cBwwl4L9n6MiH1M25G9k3Jw0FjOnRiwbcPMCptMRLP:2u96X9Gcw+cRLP |
| IMP | 62F80EA69E8426ABA27DEBFC641BFD2B |
| PESHA1 | EADF77B0930361B26D132C613D9C83CF2D0E1A73 |
| PE256 | 6F911618D95FEF895F492B478A21EA1EA0D217E4AFF34E727D51E156C7C9017F |
Runtime Data
Window Title:
DirectX Diagnostic Tool
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\dxdiag.exe.mui | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (RW-) C:\Windows\System32 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\Windows\Theme1077709572 | Section |
| \Windows\Theme3461253685 | Section |
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\SYSTEM32\apphelp.dll |
| C:\WINDOWS\system32\dxdiag.exe |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: dxdiag.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/6798f6b549916beb78cb7d6770e31d5258fde14f781795c5d439c2fed62fa324/detection
Possible Misuse
The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_persistence_search_order.yml | Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.