dxdiag.exe
- File Path:
C:\Windows\system32\dxdiag.exe - Description: Microsoft DirectX Diagnostic Tool
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | EB34E3F86DB8971684A65F5DEA5A535E |
| SHA1 | 5178A1338FBCABA34699B871EECD1C04266EE06F |
| SHA256 | 942F70ACE785DC2A2D7377ABC3DB1A2B769C5FF8AD4DFF0D3CD66B9E029CD178 |
| SHA384 | E1E8C430F5B3481961E8FE03CC411B6B8243122F398D5A25E2653EBCD9394581E69308AC11F250E3C21317CF577C94C7 |
| SHA512 | 60259625AB2708D8824C51BDA8AB106729B98224C42D2FB919ECAF7278FCE4898E13584FFA697EE19E96AD6F67482CAB3C821342C142EF7F456B81C72FA8AA4A |
| SSDEEP | 6144:9wKhyJ1CduTR4CchMK1NSAqjMYzo6o/7tzRGOBDE4P:9wGWdwMiIo6POBFP |
| IMP | 7D3E50DE92EA99CC2501F8ABADF36063 |
| PESHA1 | 6F0D35CC7D5706EE08FFD6A79AFBF58D608BC532 |
| PE256 | D2CA3D96EE102685E89B964E69D894C5A3BBD0C78B84E883951F08E8F0217FFA |
Runtime Data
Window Title:
DirectX Diagnostic Tool
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\dxdiag.exe.mui | File |
| (R-D) C:\Windows\System32\en-US\imageres.dll.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\Windows\Theme2131664586 | Section |
| \Windows\Theme966197582 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\SYSTEM32\apphelp.dll |
| C:\Windows\System32\bcryptPrimitives.dll |
| C:\Windows\System32\cfgmgr32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\COMDLG32.dll |
| C:\Windows\System32\CRYPT32.dll |
| C:\Windows\System32\cryptsp.dll |
| C:\Windows\system32\dwmapi.dll |
| C:\Windows\system32\dxdiag.exe |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\IMM32.DLL |
| C:\Windows\System32\kernel.appcore.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\MSASN1.dll |
| C:\Windows\System32\MSCTF.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\ole32.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\System32\powrprof.dll |
| C:\Windows\System32\profapi.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\SHELL32.dll |
| C:\Windows\System32\SHLWAPI.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\system32\uxtheme.dll |
| C:\Windows\System32\win32u.dll |
| C:\Windows\System32\windows.storage.dll |
| C:\Windows\system32\WindowsCodecs.dll |
| C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\COMCTL32.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: dxdiag.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/942f70ace785dc2a2d7377abc3db1a2b769c5ff8ad4dff0d3cd66b9e029cd178/detection/
Possible Misuse
The following table contains possible examples of dxdiag.exe being misused. While dxdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_persistence_search_order.yml | Image: 'C:\WINDOWS\SYSTEM32\dxdiag.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.