d3d9[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3d9.dll
Size

1.5MB
MD5

0b19417582b72d3d5966cf396b6521ac
SHA1

be06df2905bb20f64f2ac9506afd8c6e94a6fe42
SHA256

ff2db00108cfc4ddd21a2d8f3b62a61c42f1e4fcbf1f49864be466baf513bcbe
SHA512

1d28b76f693baef3305fe61065de2ee6456c2359f24cd35ab09e5e36567a4be68e78fff948fc69792000cd1790da7f99ebe1c7849e962dd9b2fce368e1b7c043
SSDEEP

49152:Mb+4lokqs5OaYs2XTNaMTBiZ427TbTDXBgCRxpWGU8gG:vkJ5OaYs2XTUaBn2vbTDXBtBWdS

Score

1^/10

Malware Config

Signatures

Files

d3d9.dll
.dll windows:10 windows x86 arch:x86

158a4eccf50eb9324c8a9d6f2eca5302

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:c5:d6:a2:2b:b9:ba:ad:5a:99:f6:28:3c:64:c6:77:db:28:34:57:bf:38:b2:bc:3b:34:c7:70:72:f7:9f:c4
Signer

Actual PE Digest

e9:c5:d6:a2:2b:b9:ba:ad:5a:99:f6:28:3c:64:c6:77:db:28:34:57:bf:38:b2:bc:3b:34:c7:70:72:f7:9f:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3d9.pdb

Imports

msvcrt

_ftol2_sse
ceil
floor
memcmp
memcpy
memmove
_CxxThrowException
_onexit
__dllonexit
_unlock
wcstol
_wtoi
wcschr
_wcsnicmp
swprintf_s
swscanf_s
_wcsicmp
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcsrchr
wcsncmp
toupper
strncmp
wcsspn
qsort
sprintf_s
strcat_s
??1exception@@UAE@XZ
_CIsqrt
_CIsin
_CIpow
_CIlog10
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
memcpy_s
_vsnwprintf
_vsnprintf_s
_purecall
memmove_s
malloc
free
_CIlog
_CIexp
_CIcos
_ftol2
_except_handler4_common
_vsnprintf
_stricmp
strcpy_s
strrchr
abort
sscanf_s
strstr
__iscsym
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_lock
memset

ntdll

RtlUpcaseUnicodeString
RtlUnicodeStringToAnsiString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlRunOnceExecuteOnce
NtClose
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlCopyUnicodeString
EtwEventWriteNoRegistration
RtlxAnsiStringToUnicodeSize
RtlInitString
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
NtQueryWnfStateData
NtQueryInformationProcess
RtlGUIDFromString
RtlDllShutdownInProgress
EtwEventWriteTransfer
EtwLogTraceEvent
EtwEventUnregister
NtQueryValueKey
EtwEventRegister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsA
EtwGetTraceEnableLevel
RtlIsCriticalSectionLockedByThread
RtlPublishWnfStateData
VerSetConditionMask
RtlAnsiStringToUnicodeString

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
RegGetValueA
RegCloseKey

api-ms-win-security-base-l1-1-0

AllocateLocallyUniqueId
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
SetSecurityDescriptorDacl
AddMandatoryAce
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorSacl

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

user32

SetPropW
AttachThreadInput
MsgWaitForMultipleObjects
RemovePropW
GetPropW
DestroyWindow
DispatchMessageA
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsWindowUnicode
EnumDisplayMonitors
EqualRect
IsRectEmpty
SetWindowLongA
GetAncestor
PtInRect
NotifyOverlayWindow
SetCursorPos
GetCursorPos
CreateIconIndirect
GetWindowDC
GetDesktopWindow
DestroyIcon
GetCursor
LoadCursorW
UnionRect
SetRectEmpty
UnregisterHotKey
RegisterHotKey
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
CloseClipboard
SetClipboardData
SetWindowDisplayAffinity
GetWindowDisplayAffinity
GetForegroundWindow
SetForegroundWindow
mouse_event
GetWindowLongA
EmptyClipboard
OpenClipboard
GetWindowRect
GetKeyState
PostMessageA
SendMessageA
CallWindowProcA
CallWindowProcW
SetWindowLongW
KillTimer
SetTimer
TranslateMessage
PeekMessageA
UnregisterClassA
ShowWindow
IsZoomed
SetCursor
IsWindowVisible
IsWindow
DefWindowProcA
LoadIconA
RegisterClassA
CreateWindowExA
EnumDisplayDevicesA
DisplayConfigGetDeviceInfo
SystemParametersInfoA
SetWindowPos
GetMonitorInfoA
IntersectRect
SetRect
GetClientRect
EnumDisplaySettingsA
ClientToScreen
OffsetRect
GetSystemMetrics
ReleaseDC
GetWindowInfo
GetDC
MonitorFromWindow
IsIconic

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerQueryValueA
GetFileVersionInfoSizeExA

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

win32u

NtUnBindCompositionSurface
NtQueryCompositionSurfaceStatistics
NtBindCompositionSurface
NtNotifyPresentToCompositionSurface

gdi32

DdEntry33
D3DKMTCacheHybridQueryValue
D3DKMTGetCachedHybridQueryValue
CreateDIBitmap
GetNearestColor
GetDeviceCaps
GetSystemPaletteEntries
DdEntry27
DdEntry20
DdEntry2
DdEntry38
DdEntry54
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DdEntry30
DdEntry16
DdEntry42
CreateCompatibleDC
DdEntry25
DdEntry6
DdEntry31
DdEntry29
DdEntry44
StretchBlt
DdEntry43
DdEntry50
DdEntry46
DdEntry24
DdEntry12
DdEntry9
DdEntry26
SetLayout
DdEntry37
DdEntry22
GetDeviceGammaRamp
DdEntry28
DdEntry23
GetDIBits
DdEntry56
DdEntry17
DdEntry35
CreateRectRgn
DdEntry13
DdEntry19
DdEntry21
DdEntry53
GetRegionData
DdEntry45
DdEntry48
DdEntry40
DdEntry4
DdEntry5
GdiEntry1
DdEntry18
DdEntry36
DdEntry34
SetStretchBltMode
DdEntry39
DdEntry3
DdEntry11
DdEntry10
DeleteObject
DdEntry1
GetRandomRgn
DdEntry41
DdEntry49
D3DKMTMakeResident
D3DKMTPresent
D3DKMTEvict
D3DKMTDestroyAllocation2
D3DKMTLock2
D3DKMTCreateAllocation
D3DKMTMapGpuVirtualAddress
D3DKMTDestroyContext
D3DKMTDestroyAllocation
D3DKMTFreeGpuVirtualAddress
D3DKMTCloseAdapter
D3DKMTCreateHwQueue
D3DKMTSharedPrimaryUnLockNotification
D3DKMTRegisterTrimNotification
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTEnumAdapters
D3DKMTUnregisterTrimNotification
D3DKMTDestroyOverlay
D3DKMTGetSharedPrimaryHandle
D3DKMTEscape
D3DKMTSubmitPresentToHwQueue
D3DKMTUnlock2
D3DKMTUpdateAllocationProperty
D3DKMTWaitForSynchronizationObject
D3DKMTDestroySynchronizationObject
D3DKMTQueryStatistics
D3DKMTShareObjects
D3DKMTConfigureSharedResource
D3DKMTSetGammaRamp
D3DKMTCreateSynchronizationObject2
D3DKMTCheckOcclusion
D3DKMTGetDisplayModeList
GdiEntry13
D3DKMTReclaimAllocations
D3DKMTCreateSynchronizationObject
D3DKMTUpdateGpuVirtualAddress
D3DKMTOpenAdapterFromHdc
D3DKMTDestroyDCFromMemory
D3DKMTOpenResource
D3DKMTQueryResourceInfoFromNtHandle
D3DKMTDestroyPagingQueue
D3DKMTCreateAllocation2
D3DKMTQueryAllocationResidency
D3DKMTUpdateOverlay
D3DKMTSharedPrimaryLockNotification
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTCreateDevice
D3DKMTSubmitCommand
D3DKMTRender
D3DKMTCheckExclusiveOwnership
D3DKMTQueryVidPnExclusiveOwnership
D3DKMTDestroyHwQueue
D3DKMTInvalidateCache
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSetQueuedLimit
D3DKMTWaitForSynchronizationObjectFromGpu
DeleteDC
D3DKMTSetDisplayMode
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSetVidPnSourceOwner1
D3DKMTSignalSynchronizationObject
D3DKMTReclaimAllocations2
D3DKMTCreateContext
D3DKMTSubmitCommandToHwQueue
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTCreatePagingQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTCreateDCFromMemory
D3DKMTDestroyDevice
D3DKMTReserveGpuVirtualAddress
D3DKMTGetMultisampleMethodList
D3DKMTCheckMonitorPowerState
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSetAllocationPriority
D3DKMTOpenAdapterFromDeviceName
D3DKMTCreateContextVirtual
D3DKMTQueryResourceInfo
D3DKMTSignalSynchronizationObject2
D3DKMTGetScanLine
D3DKMTMarkDeviceAsError
D3DKMTUnlock
D3DKMTLock
D3DKMTGetMultiPlaneOverlayCaps
BitBlt
D3DKMTWaitForVerticalBlankEvent
D3DKMTQueryAdapterInfo
D3DKMTSetContextSchedulingPriority
D3DKMTOpenResourceFromNtHandle
D3DKMTGetDeviceState
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTOfferAllocations
D3DKMTGetOverlayState
D3DKMTOpenSyncObjectFromNtHandle2
D3DKMTFlipOverlay
D3DKMTCreateOverlay
CreateDCA
D3DKMTSignalSynchronizationObjectFromCpu
D3DKMTWaitForSynchronizationObject2
D3DKMTGetContextSchedulingPriority
D3DKMTOpenResource2

kernel32

ExpandEnvironmentStringsW
GetFileSize
GetVersionExA
GetLogicalProcessorInformation
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetLongPathNameW
FindClose
FindNextFileW
FindFirstFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RegQueryValueExW
InitOnceComplete
OpenProcess
RegOpenKeyExW
RegGetValueW
K32GetModuleFileNameExW
InitOnceBeginInitialize
CreateEventA
CreateThread
SetEvent
GetModuleHandleExA
WaitForMultipleObjects
GetProcessMitigationPolicy
GetModuleFileNameW
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateNamedPipeA
CreateFileA
WaitNamedPipeA
TransactNamedPipe
GetPrivateProfileStringA
WriteFile
PeekNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
OpenMutexW
CreateMutexW
CreateSemaphoreA
GlobalAddAtomA
ResetEvent
OpenEventW
GetTickCount
LocalFree
LocalAlloc
VerifyVersionInfoA
DisableThreadLibraryCalls
CreateSemaphoreExA
FreeLibraryAndExitThread
GetModuleHandleA
QueryPerformanceCounter
GetSystemTime
WideCharToMultiByte
LoadLibraryW
QueryPerformanceFrequency
Sleep
GetProcessId
GetCurrentProcess
InitializeSRWLock
lstrcmpA
SetErrorMode
LoadLibraryA
InitializeCriticalSection
LoadLibraryExW
FreeLibrary
OutputDebugStringA
GetNativeSystemInfo
IsDebuggerPresent
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetLastError
CreateSemaphoreExW
DebugBreak
GetModuleHandleW
GetProcessHeap
GetProcAddress
HeapAlloc
FormatMessageW
GetCurrentThreadId
GetModuleHandleExW
HeapFree
GetModuleFileNameA
GetDriveTypeW

dwmapi

ord137
ord136
DwmIsCompositionEnabled
ord128
ord100

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

GetCurrentApplicationUserModelId
GetApplicationUserModelId
GetCurrentPackageFamilyName
GetCurrentPackageFullName
CheckIsMSIXPackage
GetPackageFamilyName

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

Exports

Exports

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate9
Direct3DCreate9Ex
Direct3DCreate9On12
Direct3DCreate9On12Ex
Direct3DShaderValidatorCreate9
PSGPError
PSGPSampleTexture

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

158a4eccf50eb9324c8a9d6f2eca5302

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e9:c5:d6:a2:2b:b9:ba:ad:5a:99:f6:28:3c:64:c6:77:db:28:34:57:bf:38:b2:bc:3b:34:c7:70:72:f7:9f:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-gdi-dpiinfo-l1-1-0

user32

api-ms-win-core-versionansi-l1-1-0

api-ms-win-appmodel-unlock-l1-1-0

win32u

gdi32

kernel32

dwmapi

api-ms-win-shell-shellfolders-l1-1-0

api-ms-win-core-apiquery-l1-1-0

kernelbase

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-0

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 7KB - Virtual size: 31KB

.idata Size: 16KB - Virtual size: 15KB

.didat Size: 512B - Virtual size: 28B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 53KB - Virtual size: 52KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e9:c5:d6:a2:2b:b9:ba:ad:5a:99:f6:28:3c:64:c6:77:db:28:34:57:bf:38:b2:bc:3b:34:c7:70:72:f7:9f:c4
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 7KB - Virtual size: 31KB

.idata
Size: 16KB - Virtual size: 15KB

.didat
Size: 512B - Virtual size: 28B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 53KB - Virtual size: 52KB