2a61679eeedabf7d0d0ac14e5447486575622d6b7cfa56f136c1576ff96da21f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2011-Mar-30 11:39:58
Detected languages English - United States
Debug artifacts DSETUP.pdb
CompanyName Microsoft Corporation
FileDescription Direct driver preloader
FileVersion 4.9.0.0904
InternalName dsetup.dll
LegalCopyright Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename dsetup.dll
ProductName Microsoft® DirectX for Windows®
ProductVersion 4.9.0.0904

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCloseKey
  • RegOpenKeyExA
  • RegDeleteKeyA
  • RegEnumKeyExA
  • RegQueryInfoKeyA
  • RegSetValueExA
  • RegCreateKeyExA
  • RegSetValueExW
  • RegCreateKeyExW
  • RegQueryValueExA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Info The PE is digitally signed. Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA
Safe VirusTotal score: 0/72 (Scanned on 2026-03-24 22:57:45) All the AVs think this file is safe.

Hashes

MD5 eb701def7d0809e8da765a752ab42be5
SHA1 7897418f0fae737a3ebe4f7954118d71c6c8b426
SHA256 2a61679eeedabf7d0d0ac14e5447486575622d6b7cfa56f136c1576ff96da21f
SHA3 c6b167dd241b21d0a80513030ac7b434a4b72a88bafb63b29fe856226148b60c
SSDeep 1536:Bc8tBKv1HCyODN2wjIqlLmqxY3AMVI4I9okOEvc0/c/sZRYltL26VVE2S+JJqsHy:BftQv1iyODswNLmqxY3AMV71Ev54EAxM
Imports Hash fcc13f8625d566aaaa2bb3f0da90254b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2011-Mar-30 11:39:58
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x12a00
SizeOfInitializedData 0x4e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00006BBC (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x14000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 6.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x400
Checksum 0x23415
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x1000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 31f8d934446bb490202dbab4594142d5
SHA1 0602a0a51d2c41089a513d6a8857aff64d376805
SHA256 e842e81bb432ce07832166eb6aad8f2b41da3f1e3bd4af0a42fd6e965d628fae
SHA3 9a149e55189d81208f4933d093718fd116dca5288025a90a59d6c5d6d6ec4369
VirtualSize 0x12829
VirtualAddress 0x1000
SizeOfRawData 0x12a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59574

.data

MD5 bde92434ff6b8529c871041279dca82d
SHA1 e46eded487576c6892fb37f77f21a010bbbf4ad0
SHA256 42e751277f05e0e565e927dea0534c81ab0e446bbd297c8867d559255b2abcd5
SHA3 2f3975e675a2ffc56f2aca2e564e84cca23622a9a98e7d99ddd1fac9a576ada1
VirtualSize 0x2f84
VirtualAddress 0x14000
SizeOfRawData 0x1200
PointerToRawData 0x12e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.0979

.rsrc

MD5 6665ea7c478289dad3e81ab6fce4d02c
SHA1 b859ab5359c94fc0c9473dcf25c7e3496679e43b
SHA256 69e285100e725e47d9fb2654149d382820296a6e03892c377e51952e8dbe05c5
SHA3 018b816526d0e02ba85ca912142c7c6d32c55c15dbc72306225965b33883fe19
VirtualSize 0x668
VirtualAddress 0x17000
SizeOfRawData 0x800
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.83753

.reloc

MD5 d1e3ac2f3f5c16b7ac744cf5f76d4a47
SHA1 498fd136d07c2e50d1659393268945e6420d60d0
SHA256 d72fddf7eacd7fa36b9b612076ceb840b83203057050ff72a2e8812fc9c5374d
SHA3 a396023d5f8a8489e6c79c6cc84844625581de0714a61558c22cd3c7a6cd9edb
VirtualSize 0x14be
VirtualAddress 0x18000
SizeOfRawData 0x1600
PointerToRawData 0x14800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.16257

Imports

KERNEL32.dll GetCurrentDirectoryW
LocalFree
LocalAlloc
lstrcmpA
WideCharToMultiByte
GetSystemDefaultLCID
LoadLibraryW
GetModuleFileNameW
MultiByteToWideChar
CompareStringA
CreateDirectoryA
GetWindowsDirectoryA
FormatMessageA
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
GetLocalTime
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
WriteFile
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
VirtualProtect
GetSystemInfo
VirtualQuery
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryW
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
GetSystemTimeAsFileTime
FreeLibrary
USER32.dll GetKeyboardType
DestroyWindow
SetFocus
CreateDialogParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
ADVAPI32.dll RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
WINMM.dll mmioRead
mmioDescend
mmioClose
mmioOpenA
VERSION.dll VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
ole32.dll StringFromGUID2

Delayed Imports

Exports

DirectXDeviceDriverSetupA

Ordinal 1
Address 0x41c4

DirectXDeviceDriverSetupW

Ordinal 2
Address 0x4278

DirectXRegisterApplicationA

Ordinal 3
Address 0x51b3

DirectXRegisterApplicationW

Ordinal 4
Address 0x57d6

DirectXSetupA

Ordinal 5
Address 0x4f9c

DirectXSetupIsJapan

Ordinal 6
Address 0x473a

DirectXSetupIsJapanNec

Ordinal 7
Address 0x5d97

DirectXSetupW

Ordinal 8
Address 0x505a

DirectXUnRegisterApplication

Ordinal 9
Address 0x432c

DirectXSetupSetCallback

Ordinal 10
Address 0x419c

DirectXSetupGetVersion

Ordinal 11
Address 0x3ca8

DirectXSetupCallback

Ordinal 12
Address 0x3d6d

DirectXSetupGetFileVersion

Ordinal 13
Address 0x3ed3

DirectXLoadString

Ordinal 14
Address 0x4e80

DirectXSetupIsEng

Ordinal 15
Address 0x4769

DirectXSetupShowEULA

Ordinal 16
Address 0x4ec7

DirectXSetupGetEULAA

Ordinal 17
Address 0x4f0e

DirectXSetupGetEULAW

Ordinal 18
Address 0x4f55

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x608
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43589
MD5 09efeb980cc1a27b9d81b0b3b4a4dfa1
SHA1 2fa4d5aafd98603e9a6e35e66adbb326b003248c
SHA256 6c3adfc232f2ca368064275130e4e9ab7f863b14a4432d2ee28fcb76d1aecd03
SHA3 9e9705839843f7bd50b98ab966cdad7e757d6357e7248815420c563ad140f415

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.9.0.904
ProductVersion 4.9.0.904
FileFlags (EMPTY)
FileOs VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DRV
FileSubtype VFT2_DRV_INSTALLABLE
Language English - United States
CompanyName Microsoft Corporation
FileDescription Direct driver preloader
FileVersion (#2) 4.9.0.0904
InternalName dsetup.dll
LegalCopyright Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename dsetup.dll
ProductName Microsoft® DirectX for Windows®
ProductVersion (#2) 4.9.0.0904
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2011-Mar-30 11:39:58
Version 0.0
SizeofData 35
AddressOfRawData 0x36e8
PointerToRawData 0x2ae8
Referenced File DSETUP.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10014010
SEHandlerTable 0x10003710
SEHandlerCount 3

RICH Header

XOR Key 0x2b16f0cf
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 13
Total imports 137
ASM objects (VS2012 build 50727 / VS2005 build 50727) 17
C++ objects (VS2012 build 50727 / VS2005 build 50727) 30
C objects (VS2012 build 50727 / VS2005 build 50727) 108
Exports (VS2010 build 30319) 1
C objects (VS2010 build 30319) 3
Resource objects (VS2010 build 30319) 1
Linker (VS2010 build 30319) 1

Errors
