dxgi[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dxgi.dll
Size

766KB
MD5

27b59e01e110f28e4950f5857c9d73b5
SHA1

1a728b0e326675bfccf82541f85a6527bb60c3ed
SHA256

1e93e0164291fd3f157d26a1dd05acbe2bf4e4ba45dfcd6c1439edf7811db011
SHA512

99f5bc1f792daf2ea806fb8e34547cfbe6e65c4f7e33b3e806ffad070f50f323de4f3c5aa52f2d3f1c63577c349051e6c8b9da261556e0e71442ea93398707ea
SSDEEP

12288:hRRqKrWcav2JmIZgsec35LMrr7mPYkSxNE+0aNykaMGPkVD8QiZhGfcSNUnDchqO:hRcK8XQg/XdJuC+Hdjpd75disp0JNr

Score

1^/10

Malware Config

Signatures

Files

dxgi.dll
.dll windows:10 windows x86 arch:x86

c62133e368c87b1949b8a510f23d3b7d

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:dc:b9:d3:3c:40:10:90:69:6a:71:5c:7e:83:37:6f:5f:96:f0:44:0d:d9:82:bc:0a:7b:98:69:99:fb:2b:cd
Signer

Actual PE Digest

22:dc:b9:d3:3c:40:10:90:69:6a:71:5c:7e:83:37:6f:5f:96:f0:44:0d:d9:82:bc:0a:7b:98:69:99:fb:2b:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dxgi.pdb

Imports

msvcrt

?terminate@@YAXXZ
_unlock
_initterm
_amsg_exit
__dllonexit
_onexit
_XcptFilter
memmove
memcpy
_lock
_CxxThrowException
??0exception@@QAE@ABQBD@Z
wcscpy_s
tolower
_stricmp
wcstol
??1type_info@@UAE@XZ
wcschr
_wcsnicmp
swprintf_s
_wcsicmp
wcscat_s
_wcslwr
wcsstr
wcsrchr
wcsncmp
toupper
strncmp
qsort
_finite
wcstombs_s
wcscspn
swscanf_s
wcsspn
malloc
free
_except_handler4_common
atoi
_vsnprintf
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
memcmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memchr
ceil
_ftol2_sse
_ftol2
_purecall
_CIpow
__CxxFrameHandler3
memcpy_s
_vsnwprintf
_wtoi
memset

ntdll

RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeString
RtlUnicodeStringToAnsiString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlRunOnceExecuteOnce
NtClose
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlCopyUnicodeString
RtlInitString
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
NtQueryWnfStateData
NtQueryInformationProcess
EtwEventWriteTransfer
EtwEventWrite
RtlCaptureStackBackTrace
RtlIsMultiSessionSku
EtwEventSetInformation
RtlInitUnicodeString
RtlUnsubscribeWnfStateChangeNotification
NtQueryValueKey
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
EtwEventWriteNoRegistration
RtlIsCriticalSectionLockedByThread
EtwEventUnregister
EtwEventRegister
RtlGUIDFromString

win32u

NtQueryCompositionSurfaceStatistics
NtUnBindCompositionSurface
NtBindCompositionSurface

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleExA
FreeLibrary

api-ms-win-core-synch-l1-1-0

SetEvent
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
CreateMutexW
InitializeCriticalSection
CreateSemaphoreExW
OpenMutexW
CreateEventA
DeleteCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
InitializeSRWLock
ResetEvent
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
CreateThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CompareObjectHandles
CloseHandle
DuplicateHandle
GetHandleInformation

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
InitializeSid
GetSidLengthRequired
AllocateLocallyUniqueId
SetSecurityDescriptorDacl
SetKernelObjectSecurity
SetSecurityDescriptorSacl
AddMandatoryAce
IsValidSid
AllocateAndInitializeSid
AddAccessAllowedAce
GetSidSubAuthority
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA
lstrcmpW

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetVersionExA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegNotifyChangeKeyValue
RegGetValueW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExA
RegGetValueA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32GetModuleFileNameExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

CheckIsMSIXPackage
BaseFormatObjectAttributes

api-ms-win-core-file-l1-1-0

CreateFileA
FindNextFileW
FindFirstFileW
GetLongPathNameW
GetDriveTypeW
FindClose
GetFileSize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ApplyCompatResolutionQuirking
CompatString
CompatValue
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
DXGIDeclareAdapterRemovalSupport
DXGIDumpJournal
DXGIGetDebugInterface1
DXGIReportAdapterConfiguration
PIXBeginCapture
PIXEndCapture
PIXGetCaptureState
SetAppCompatStringPointer
UpdateHMDEmulationStatus

Sections

.text
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c62133e368c87b1949b8a510f23d3b7d

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

22:dc:b9:d3:3c:40:10:90:69:6a:71:5c:7e:83:37:6f:5f:96:f0:44:0d:d9:82:bc:0a:7b:98:69:99:fb:2b:cdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

win32u

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-version-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-apiquery-l1-1-0

kernelbase

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 611KB - Virtual size: 611KB

.data Size: 1KB - Virtual size: 13KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 1024B - Virtual size: 660B

.rsrc Size: 96KB - Virtual size: 95KB

.reloc Size: 30KB - Virtual size: 29KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

22:dc:b9:d3:3c:40:10:90:69:6a:71:5c:7e:83:37:6f:5f:96:f0:44:0d:d9:82:bc:0a:7b:98:69:99:fb:2b:cd
Signer

.text
Size: 611KB - Virtual size: 611KB

.data
Size: 1KB - Virtual size: 13KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 1024B - Virtual size: 660B

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 30KB - Virtual size: 29KB