dxdiagn[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dxdiagn.dll
Size

449KB
MD5

60e48cc6219dc07708b74c313d5cc987
SHA1

e3e8d45910721db84117697fb31c2ab529162bbe
SHA256

f293cccd51856df11fadfb67ca6fe15b5d020577aadb00704a7f28f8b40559bf
SHA512

198b169ef122ac5d76c5dd6f83cd0d9baca09d6badaa28274b52405817aff99ed7c3b72fb8431838a282759489625181e3b4a12fb1591ab7541096e9a2f1ecc1
SSDEEP

12288:ao/OEVnrzeasJuhYzpOKWOKk/pCjytFQP:aoJVnRsJEYhKk/p3FQP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dxdiagn.dll

Files

dxdiagn.dll
.dll regsvr32 windows:10 windows x86 arch:x86

5d2d1f4ae8796eebedc86d568939ef6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dxdiagn.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_control87

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr
memmove
_o__wsplitpath_s
_o__wtoi
_o_free
_o_isdigit
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_toupper
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
wcsstr
wcsrchr
wcschr
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__wcsnicmp
_o__configure_narrow_argv
_o__cexit
__std_terminate
_o__callnewh
__CxxFrameHandler3
_o__beginthreadex
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsnlen
wcsspn
memset
strncmp

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadStringW
GetModuleHandleW
LoadLibraryExW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetDriveTypeW
FindNextFileW
FileTimeToLocalFileTime
CreateFileW
GetFileAttributesW
FindClose
FindFirstFileW
GetLongPathNameW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

d3d11

D3D11CreateDevice

d3d12

ord101

kernelbase

lstrcmpW

msvcp_win

?_Xlength_error@std@@YAXPBD@Z

oleaut32

VariantCopy
SafeArrayAccessData
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayUnaccessData

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-com-l1-1-0

CoUninitialize
PropVariantClear
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoInitializeEx

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
AcquireSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
ReleaseMutex
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharNextW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-devices-config-l1-1-1

CM_Open_DevNode_Key
CM_Get_Sibling
CM_Get_Device_IDW
CM_Get_Parent
CM_Get_Device_Interface_PropertyW
CM_Locate_DevNodeW
CM_Get_Child

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo

api-ms-win-core-kernel32-legacy-l1-1-0

GlobalMemoryStatus
GetSystemPowerStatus

api-ms-win-core-kernel32-legacy-l1-1-1

GetFirmwareType

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptAcquireContextW

api-ms-win-power-setting-l1-1-0

PowerReadACValue
PowerGetActiveScheme
PowerReadDCValue

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

ntdll

ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlRunOnceExecuteOnce
NtClose
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToAnsiString
RtlCopyUnicodeString
ZwCreateSection
ZwQuerySystemInformation
ZwQueryInformationFile
RtlUpcaseUnicodeString
RtlGetNativeSystemInformation
ZwCreateFile
RtlUpcaseUnicodeChar
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlInitUnicodeString
ZwClose
RtlFreeHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlxAnsiStringToUnicodeSize
RtlGUIDFromString
ZwSetInformationProcess
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwQueryInformationProcess
ZwOpenKey
ZwOpenFile
NtQueryValueKey
RtlUnicodeStringToInteger
RtlDosPathNameToNtPathName_U_WithStatus
ZwMapViewOfSection
RtlInitString

devobj

DevObjGetDeviceInterfaceProperty
DevObjEnumDeviceInfo
DevObjOpenDeviceInfo
DevObjOpenDeviceInterface
DevObjGetDeviceProperty
DevObjCreateDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjGetDeviceInstanceId
DevObjGetClassDevs
DevObjGetDeviceRegistryProperty
DevObjDestroyDeviceInfoList
DevObjOpenDevRegKey

api-ms-win-mm-misc-l1-1-0

mmioClose
mmioOpenW
mmioDescend
mmioRead

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

dxgi

CreateDXGIFactory1

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplaySettingsW
EnumDisplayMonitors
GetMonitorInfoW
QueryDisplayConfig
GetSystemMetrics
DisplayConfigGetDeviceInfo
GetDisplayConfigBufferSizes
EnumDisplayDevicesW

api-ms-win-rtcore-ntuser-window-l1-1-0

FindWindowW

cfgmgr32

CM_Get_Device_ID_ExW
CM_Get_Device_Interface_AliasW

wmiclnt

WmiCloseBlock
WmiOpenBlock
WmiQuerySingleInstanceW

wintrust

CryptCATOpen
CryptCATEnumerateCatAttr
CryptCATClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTNetDispQueryMiracastDisplayDeviceSupport

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d2d1f4ae8796eebedc86d568939ef6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

d3d11

d3d12

kernelbase

msvcp_win

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-devices-config-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

ntdll

devobj

api-ms-win-mm-misc-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

dxgi

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

cfgmgr32

wmiclnt

wintrust

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-dx-d3dkmt-l1-1-1

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.data Size: 2KB - Virtual size: 11KB

.text
Size: 412KB - Virtual size: 411KB

.data
Size: 2KB - Virtual size: 11KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 18KB