d3d9[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3d9.dll
Size

2.1MB
MD5

972b9c13c75465b0d5a527584bb5819f
SHA1

a9e9cd45d93819a29196fb94c5e7236a445afeec
SHA256

0e3a267cc2a1b079b6e13d0b8a532a7c6456d1bb56e11a779772f7eceacb4a66
SHA512

587a728e0b21882d3bf25df03d58f0e11f904f604e0eb28aa84168f85f6eb6e5b6bc37d30fd5ec30a3b7ce0f2fe39b8e612eaea87e0d0a0cba62516957453001
SSDEEP

49152:gRPQarFz9kmbowsasKje1eSjM+QXRcvkVA1CS/KbMMGJK5qJBH8:cLrR9kmLjyGTjS/Kb548

Score

1^/10

Malware Config

Signatures

Files

d3d9.dll
.dll windows:6 windows x64 arch:x64

1ce9bb765645dcc6f0bd2a3e5a9edfd9

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/07/2014, 20:32

Not After

01/10/2015, 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:9d:b9:01:1b:06:59:d3:af:fb:be:de:00:d5:0c:56:9e:ca:8b:f7:fd:fe:e0:95:9f:53:ae:20:7e:20:66:10
Signer

Actual PE Digest

88:9d:b9:01:1b:06:59:d3:af:fb:be:de:00:d5:0c:56:9e:ca:8b:f7:fd:fe:e0:95:9f:53:ae:20:7e:20:66:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d3d9.pdb

Imports

msvcrt

expf
floor
floorf
cosf
cos
ceil
strchr
__CxxFrameHandler3
log10f
logf
memcmp
memcpy
memset
pow
powf
sinf
sqrt
sqrtf
strcmp
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_vsnprintf
strstr
sscanf
realloc
strrchr
_purecall
malloc
free
_stricmp
memmove
isalnum
_aligned_malloc
_aligned_free
qsort
_resetstkoflw
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
memmove_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
_aligned_realloc
memchr
atoi
strtoul
_CxxThrowException
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwRegisterTraceGuidsA
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlIsCriticalSectionLockedByThread
EtwEventWrite
WinSqmAddToStreamEx
WinSqmIsOptedIn
EtwLogTraceEvent
VerSetConditionMask
EtwEventUnregister
EtwEventRegister
EtwEventWriteNoRegistration

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegGetValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA

api-ms-win-security-base-l1-2-0

SetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
IsValidSid
InitializeSid
GetLengthSid
SetSecurityDescriptorSacl
AddMandatoryAce
GetSidLengthRequired
AddAccessAllowedAce
InitializeAcl

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

user32

EnumDisplayDevicesA
SystemParametersInfoA
SetWindowPos
GetMonitorInfoA
IntersectRect
GetSystemMetrics
ReleaseDC
SetRect
OffsetRect
GetDC
GetClientRect
EnumDisplaySettingsA
GetWindowInfo
DisplayConfigGetDeviceInfo
ClientToScreen
EnumDisplayMonitors
IsWindowUnicode
GetWindowLongPtrW
GetWindowLongPtrA
PtInRect
SetForegroundWindow
GetForegroundWindow
IsWindowVisible
ShowWindow
IsZoomed
SetTimer
KillTimer
SetWindowLongPtrW
CallWindowProcW
NotifyOverlayWindow
SetWindowLongPtrA
CallWindowProcA
SendMessageA
PostMessageA
IsIconic
GetKeyState
GetWindowRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetThreadDesktop
RegisterHotKey
UnregisterHotKey
SetRectEmpty
UnionRect
IsProcessDPIAware
GetAncestor
GetWindowDisplayAffinity
SetWindowDisplayAffinity
GetWindowLongA
mouse_event
SetCursor
GetCursor
DestroyIcon
GetDesktopWindow
GetWindowDC
CreateIconIndirect
GetCursorPos
SetCursorPos
DefWindowProcA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

D3DKMTDestroyContext
CreateDIBitmap
GetSystemPaletteEntries
GetNearestColor
GetDeviceCaps
D3DKMTWaitForVerticalBlankEvent
D3DKMTCreateOverlay
D3DKMTGetScanLine
D3DKMTPresent
D3DKMTOpenSyncObjectFromNtHandle
D3DKMTCreateContext
D3DKMTWaitForSynchronizationObject
D3DKMTDestroyAllocation
D3DKMTFlipOverlay
D3DKMTGetDeviceState
D3DKMTWaitForSynchronizationObject2
D3DKMTOfferAllocations
D3DKMTCheckOcclusion
D3DKMTCreateDCFromMemory
D3DKMTDestroyDevice
D3DKMTEnumAdapters
D3DKMTDestroyOverlay
D3DKMTUpdateOverlay
D3DKMTOpenAdapterFromDeviceName
D3DKMTCheckExclusiveOwnership
D3DKMTSetGammaRamp
D3DKMTRender
D3DKMTQueryResourceInfo
D3DKMTGetDisplayModeList
D3DKMTQueryStatistics
D3DKMTConfigureSharedResource
D3DKMTReclaimAllocations
D3DKMTCreateAllocation
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTCreateAllocation2
D3DKMTSetContextSchedulingPriority
D3DKMTOpenAdapterFromHdc
D3DKMTShareObjects
D3DKMTOpenResource2
D3DKMTSetQueuedLimit
D3DKMTSignalSynchronizationObject2
D3DKMTSharedPrimaryUnLockNotification
D3DKMTGetContextSchedulingPriority
D3DKMTDestroyDCFromMemory
D3DKMTQueryAdapterInfo
D3DKMTDestroySynchronizationObject
D3DKMTGetSharedPrimaryHandle
D3DKMTSetDisplayMode
D3DKMTSetAllocationPriority
D3DKMTGetRuntimeData
D3DKMTEscape
D3DKMTCreateSynchronizationObject2
D3DKMTGetOverlayState
D3DKMTCreateSynchronizationObject
D3DKMTOpenResource
D3DKMTUnlock
D3DKMTCreateDevice
D3DKMTGetMultisampleMethodList
D3DKMTQueryAllocationResidency
D3DKMTLock
D3DKMTCloseAdapter
D3DKMTCheckMonitorPowerState
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetVidPnSourceOwner
D3DKMTSignalSynchronizationObject
D3DKMTSharedPrimaryLockNotification
DdEntry26
DdEntry33
DdEntry2
GetDeviceGammaRamp
SetLayout
DdEntry29
DdEntry6
DdEntry17
DdEntry49
DdEntry21
DdEntry34
DdEntry12
DdEntry37
DdEntry9
DeleteDC
DdEntry44
CreateDIBSection
StretchBlt
GetDIBits
DdEntry22
GdiEntry1
DdEntry25
DdEntry48
CreateDCA
DdEntry5
GetRegionData
DeleteObject
SelectObject
DdEntry40
DdEntry28
DdEntry56
DdEntry13
CreateCompatibleDC
DdEntry19
DdEntry45
DdEntry31
DdEntry38
DdEntry36
CreateCompatibleBitmap
DdEntry11
DdEntry16
DdEntry30
DdEntry1
DdEntry10
DdEntry43
DdEntry24
DdEntry27
DdEntry4
SetStretchBltMode
CreateRectRgn
DdEntry54
DdEntry50
DdEntry20
DdEntry3
DdEntry39
DdEntry53
DdEntry18
DdEntry23
GdiEntry13
DdEntry35
DdEntry46
DdEntry41
DdEntry42
GetRandomRgn
BitBlt

kernel32

RtlDeleteFunctionTable
WideCharToMultiByte
RtlAddFunctionTable
ResumeThread
SetThreadAffinityMask
GetProcessAffinityMask
AcquireSRWLockExclusive
OutputDebugStringW
ReleaseSRWLockExclusive
GetCurrentProcess
LocalFree
QueryPerformanceFrequency
GetModuleHandleA
LocalAlloc
VerifyVersionInfoA
Sleep
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
CloseHandle
DisableThreadLibraryCalls
FreeLibraryAndExitThread
CreateSemaphoreExA
SetErrorMode
LoadLibraryW
LoadLibraryA
InitializeCriticalSection
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
OutputDebugStringA
GetNativeSystemInfo
GetLastError
ReleaseMutex
WaitForSingleObject
MultiByteToWideChar
ReleaseSemaphore
InitializeSRWLock
GetProcessId
AcquireSRWLockShared
DebugBreak
GetSystemTime
GlobalAddAtomA
CreateSemaphoreA
lstrcmpA
OpenEventW
ResetEvent
CreateMutexW
HeapAlloc
HeapFree
GetProcessHeap
OpenMutexW
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
ReadFile
PeekNamedPipe
WriteFile
GetPrivateProfileStringA
TransactNamedPipe
WaitNamedPipeA
CreateFileA
CreateNamedPipeA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
SetThreadIdealProcessor
SetThreadPriority
GetCurrentThread
TlsAlloc
LoadLibraryExA
GetEnvironmentVariableA
TlsSetValue
TlsGetValue
lstrlenA
WaitForMultipleObjectsEx
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualProtect
ResolveDelayLoadedAPI
DelayLoadFailureHook
CreateThread
CreateEventA
SetEvent
GetLogicalProcessorInformation
GetVersionExA
IsProcessorFeaturePresent
GetFileSize
GetModuleHandleExW
SetLastError
GetModuleFileNameW
ReleaseSRWLockShared

dwmapi

DwmIsCompositionEnabled
ord128
ord137
ord136
ord100
ord101

Exports

Exports

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate9
Direct3DCreate9Ex
Direct3DShaderValidatorCreate9
PSGPError
PSGPSampleTexture

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ce9bb765645dcc6f0bd2a3e5a9edfd9

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

88:9d:b9:01:1b:06:59:d3:af:fb:be:de:00:d5:0c:56:9e:ca:8b:f7:fd:fe:e0:95:9f:53:ae:20:7e:20:66:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-gdi-dpiinfo-l1-1-0

user32

version

gdi32

kernel32

dwmapi

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.data Size: 14KB - Virtual size: 31KB

.pdata Size: 70KB - Virtual size: 70KB

.idata Size: 14KB - Virtual size: 14KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 9KB - Virtual size: 8KB

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

88:9d:b9:01:1b:06:59:d3:af:fb:be:de:00:d5:0c:56:9e:ca:8b:f7:fd:fe:e0:95:9f:53:ae:20:7e:20:66:10
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 14KB - Virtual size: 31KB

.pdata
Size: 70KB - Virtual size: 70KB

.idata
Size: 14KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 9KB - Virtual size: 8KB