dxgi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dxgi.dll
Size

767KB
MD5

eccb96d300e971e8c8071fe253f46875
SHA1

be000c871a8cf924ee4803165fd929232ca23ebd
SHA256

4869639c5c22b48d33ffb73a841590b5a004fd349090e06fc92612b34aca534f
SHA512

1c8b4d8bdc1f8e6d8c415028a0d478f5ee145dce7fb0d959ffb6629826308f6cd81395c8d0810b1c1391a45581c6d892189cd1d2fca588e057a1ada49b068f97
SSDEEP

12288:V5qKcaxIbALYs47fNAm5zuLlLZMfYxcu27D9zAvO65lDEe08Oa4:V0KSQ4emyZMwWumxzAvO65lDEe08B4

Score

1^/10

Malware Config

Signatures

Files

dxgi.dll
.dll windows:10 windows x86 arch:x86

c62133e368c87b1949b8a510f23d3b7d

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:3f:88:83:fe:b0:4b:51:a0:e7:b3:f2:0b:a8:1f:e2:2b:69:35:4a:e7:c2:cd:83:a6:8d:d8:88:74:cb:40:a4
Signer

Actual PE Digest

8d:3f:88:83:fe:b0:4b:51:a0:e7:b3:f2:0b:a8:1f:e2:2b:69:35:4a:e7:c2:cd:83:a6:8d:d8:88:74:cb:40:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dxgi.pdb

Imports

msvcrt

?terminate@@YAXXZ
_unlock
_initterm
_amsg_exit
__dllonexit
_onexit
_XcptFilter
memmove
memcpy
_lock
_CxxThrowException
??0exception@@QAE@ABQBD@Z
wcscpy_s
tolower
_stricmp
wcstol
??1type_info@@UAE@XZ
wcschr
_wcsnicmp
swprintf_s
_wcsicmp
wcscat_s
_wcslwr
wcsstr
wcsrchr
wcsncmp
toupper
strncmp
qsort
_finite
wcstombs_s
wcscspn
swscanf_s
wcsspn
malloc
free
_except_handler4_common
atoi
_vsnprintf
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
memcmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memchr
ceil
_ftol2_sse
_ftol2
_purecall
_CIpow
__CxxFrameHandler3
memcpy_s
_vsnwprintf
_wtoi
memset

ntdll

RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeString
RtlUnicodeStringToAnsiString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlRunOnceExecuteOnce
NtClose
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlCopyUnicodeString
RtlInitString
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
NtQueryWnfStateData
NtQueryInformationProcess
EtwEventWriteTransfer
EtwEventWrite
RtlCaptureStackBackTrace
RtlIsMultiSessionSku
EtwEventSetInformation
RtlInitUnicodeString
RtlUnsubscribeWnfStateChangeNotification
NtQueryValueKey
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
EtwEventWriteNoRegistration
RtlIsCriticalSectionLockedByThread
EtwEventUnregister
EtwEventRegister
RtlGUIDFromString

win32u

NtQueryCompositionSurfaceStatistics
NtUnBindCompositionSurface
NtBindCompositionSurface

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleExA
FreeLibrary

api-ms-win-core-synch-l1-1-0

SetEvent
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
CreateMutexW
InitializeCriticalSection
CreateSemaphoreExW
OpenMutexW
CreateEventA
DeleteCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
InitializeSRWLock
ResetEvent
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
CreateThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CompareObjectHandles
CloseHandle
DuplicateHandle
GetHandleInformation

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
InitializeSid
GetSidLengthRequired
AllocateLocallyUniqueId
SetSecurityDescriptorDacl
SetKernelObjectSecurity
SetSecurityDescriptorSacl
AddMandatoryAce
IsValidSid
AllocateAndInitializeSid
AddAccessAllowedAce
GetSidSubAuthority
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA
lstrcmpW

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetVersionExA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegNotifyChangeKeyValue
RegGetValueW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExA
RegGetValueA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32GetModuleFileNameExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

CheckIsMSIXPackage
BaseFormatObjectAttributes

api-ms-win-core-file-l1-1-0

CreateFileA
FindNextFileW
FindFirstFileW
GetLongPathNameW
GetDriveTypeW
FindClose
GetFileSize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ApplyCompatResolutionQuirking
CompatString
CompatValue
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
DXGIDeclareAdapterRemovalSupport
DXGIDumpJournal
DXGIGetDebugInterface1
DXGIReportAdapterConfiguration
PIXBeginCapture
PIXEndCapture
PIXGetCaptureState
SetAppCompatStringPointer
UpdateHMDEmulationStatus

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c62133e368c87b1949b8a510f23d3b7d

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

8d:3f:88:83:fe:b0:4b:51:a0:e7:b3:f2:0b:a8:1f:e2:2b:69:35:4a:e7:c2:cd:83:a6:8d:d8:88:74:cb:40:a4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

win32u

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-version-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-apiquery-l1-1-0

kernelbase

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 612KB

.data Size: 1KB - Virtual size: 13KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 1024B - Virtual size: 660B

.rsrc Size: 96KB - Virtual size: 95KB

.reloc Size: 30KB - Virtual size: 29KB

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8d:3f:88:83:fe:b0:4b:51:a0:e7:b3:f2:0b:a8:1f:e2:2b:69:35:4a:e7:c2:cd:83:a6:8d:d8:88:74:cb:40:a4
Signer

.text
Size: 612KB - Virtual size: 612KB

.data
Size: 1KB - Virtual size: 13KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 1024B - Virtual size: 660B

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 30KB - Virtual size: 29KB