dxgi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dxgi.dll
Size

531KB
MD5

9e85ba32728294a61b63799a3cf57471
SHA1

fc2e7fdd20ba38bcc6b7408e77e783280c324d7c
SHA256

36357d753058e0dadeb5aae2b3a646f5d0d3c7ff31f249d4ac6a9758d8b8cde6
SHA512

ba76503b31fc8b9f2472fda85ac03c4b3bcaa03aac5fbc0e52154f47c1c9bba90f373e83027c9ebf3e4e9f96752b82a902ba3e1c2b94b8bb8d5cff74a60c89ba
SSDEEP

12288:jfPHJzfKGGL8AUYeyRf3V+FgEB2CNIHqSkI:bpffGLUYeyF3VXUIHqm

Score

1^/10

Malware Config

Signatures

Files

dxgi.dll
.dll windows:6 windows x64 arch:x64

895e186449b121738e14571d4fcf2c62

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/07/2014, 20:32

Not After

01/10/2015, 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:38:d5:f6:c1:d7:b3:31:d6:a9:bc:5e:05:3f:95:df:c6:b5:ca:d9:93:d2:50:2d:97:7e:2e:a2:76:d1:d2:a3
Signer

Actual PE Digest

b2:38:d5:f6:c1:d7:b3:31:d6:a9:bc:5e:05:3f:95:df:c6:b5:ca:d9:93:d2:50:2d:97:7e:2e:a2:76:d1:d2:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dxgi.pdb

Imports

msvcrt

ceilf
memcmp
memcpy
_onexit
__dllonexit
_unlock
_purecall
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
malloc
__C_specific_handler
memset
free
_stricmp
tolower
_finite
memchr
_vsnwprintf
wcscspn
swscanf_s
wcsspn
atoi
_vsnprintf
??0exception@@QEAA@AEBQEBDH@Z
ldiv
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
_lock
powf

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
EtwEventWriteNoRegistration
RtlIsCriticalSectionLockedByThread
EtwEventUnregister
EtwEventRegister
RtlCaptureStackBackTrace
WinSqmAddToStreamEx
WinSqmIsOptedIn
EtwEventWrite

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
AcquireSRWLockShared
InitializeSRWLock
TryEnterCriticalSection
Sleep
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockShared
CreateEventA
ReleaseMutex
SetEvent
ReleaseSemaphore
OpenSemaphoreW
CreateMutexW
OpenMutexW
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle
GetHandleInformation

api-ms-win-security-base-l1-2-0

InitializeSecurityDescriptor
AddAccessAllowedAce
SetKernelObjectSecurity
SetSecurityDescriptorSacl
GetSidSubAuthority
InitializeSid
SetSecurityDescriptorDacl
GetSidLengthRequired
AddMandatoryAce
InitializeAcl
GetLengthSid
IsValidSid
AllocateAndInitializeSid
FreeSid
CheckTokenMembership

api-ms-win-core-heap-l1-2-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
GetModuleFileNameA

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetVersionExA
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegGetValueA
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegGetValueW
RegCloseKey

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-file-l1-2-1

CreateFileA
GetFileSize

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA
lstrcmpW

api-ms-win-core-psapi-obsolete-l1-1-0

K32GetModuleInformation

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomA

api-ms-win-core-kernel32-legacy-l1-1-1

LoadLibraryW
LoadLibraryA

user32

MonitorFromRect
AdjustWindowRectEx
LoadCursorW
DestroyWindow
SetForegroundWindow
SubtractRect
OffsetRect
GetAncestor
IsRectEmpty
UnregisterHotKey
RegisterHotKey
CallNextHookEx
GetWindowDisplayAffinity
SetWindowDisplayAffinity
SetWindowPos
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DefWindowProcA
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameA
IsWindowVisible
GetWindow
GetWindowRect
GetClientRect
GetWindowLongA
GetLayeredWindowAttributes
GetWindowInfo
ReleaseDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDC
UnionRect
EqualRect
IntersectRect
MonitorFromWindow
IsWindow
DisplayConfigGetDeviceInfo
SetRect
GetSystemMetrics
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplaySettingsW
EnumDisplayDevicesW
GetMonitorInfoW
EnumDisplayMonitors
ChangeDisplaySettingsExW
SetWindowLongA
UnregisterClassA
ord2521
GetWindowCompositionAttribute

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

CompatString
CompatValue
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
D3DKMTCloseAdapter
D3DKMTCreateAllocation
D3DKMTCreateContext
D3DKMTCreateDevice
D3DKMTCreateSynchronizationObject
D3DKMTDestroyAllocation
D3DKMTDestroyContext
D3DKMTDestroyDevice
D3DKMTDestroySynchronizationObject
D3DKMTEscape
D3DKMTGetContextSchedulingPriority
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMultisampleMethodList
D3DKMTGetRuntimeData
D3DKMTGetSharedPrimaryHandle
D3DKMTLock
D3DKMTOpenAdapterFromHdc
D3DKMTOpenResource
D3DKMTPresent
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryResourceInfo
D3DKMTRender
D3DKMTSetAllocationPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetGammaRamp
D3DKMTSetVidPnSourceOwner
D3DKMTSignalSynchronizationObject
D3DKMTUnlock
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForVerticalBlankEvent
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10ETWRundown
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
DXGIDumpJournal
DXGIGetDebugInterface1
DXGIReportAdapterConfiguration
DXGIRevertToSxS
OpenAdapter10
OpenAdapter10_2
SetAppCompatStringPointer

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

895e186449b121738e14571d4fcf2c62

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b2:38:d5:f6:c1:d7:b3:31:d6:a9:bc:5e:05:3f:95:df:c6:b5:ca:d9:93:d2:50:2d:97:7e:2e:a2:76:d1:d2:a3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-psapi-obsolete-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

user32

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 393KB - Virtual size: 392KB

.data Size: 10KB - Virtual size: 10KB

.pdata Size: 20KB - Virtual size: 20KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 360B

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b2:38:d5:f6:c1:d7:b3:31:d6:a9:bc:5e:05:3f:95:df:c6:b5:ca:d9:93:d2:50:2d:97:7e:2e:a2:76:d1:d2:a3
Signer

.text
Size: 393KB - Virtual size: 392KB

.data
Size: 10KB - Virtual size: 10KB

.pdata
Size: 20KB - Virtual size: 20KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 360B

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 2KB - Virtual size: 1KB