d3dcompiler_47.dll

Direct3D HLSL Compiler for Redistribution

Zhixiong Zhao

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed just to look like a legitimate Microsoft system file. The library d3dcompiler_47.dll, “Direct3D HLSL Compiler for Redistribution”, has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation  (signed by Zhixiong Zhao)

Product:
Microsoft® Windows® Operating System

Description:
Direct3D HLSL Compiler for Redistribution

Version:
6.3.9600.16384 (winblue_rtm.130821-1623)

MD5:
fa9d7feec1af5d262e56e3814e03191c

SHA-1:
31460490031ce69263d7da7b2bd7f2d06661017d

SHA-256:
09dc783e1b47840624122b4dfc963aeee66624dacfda557b5677f9d3a00cc5f0

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/13/2025 1:39:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Ghokswa (M)

Engine version:
16.10.17.9

File size:
3.3 MB (3,457,248 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
d3dcompiler_47.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ghokswa browser\ghokswa\d3dcompiler_47.dll

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/2/2015 2:00:00 AM

Valid to:
6/2/2016 1:59:59 AM

Subject:
CN=Zhixiong Zhao, OU=Individual Developer, O=No Organization Affiliation, L=Guangzhou, S=Guandong, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
57409EBFEBEAF8B7ABAF024ABACC1A0D

File PE Metadata
Compilation timestamp:
8/22/2013 5:50:06 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
49152:2yZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQs:D9fWAwVBC8MH2JNSF8+YPsXqUTs

Entry address:
0x30E737

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, D1, 08, 00, 00, 5D, E9, 2A, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, B8, 63, 73, 6D, E0, 39, 45, 08, 75, 0D, FF, 75, 0C, 50, E8, 36, 07, 00, 00, 59, 59, 5D, C3, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 6A, 2C, 68, B8, 8F, 31, 10, E8, 49, 09, 00, 00, C7, 45, E4, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 00, A0, 31, 10, 83, 7D, 0C, 00, 75, 11, 83, 3D, 40, FC, 31, 10, 00, 75, 08, 89, 75, E4, E9, 1E, 02, 00, 00, 8B, 45, 0C, 83...
 

Entropy:
6.4389

Code size:
3.1 MB (3,245,568 bytes)
