d3dcompiler_47.dll

Direct3D HLSL Compiler for Redistribution

Shan Feng

While the file properties state that the file is developed by 'Microsoft Corporation', this is not the case: it is designed just to look like a legitimate Microsoft system file. The module d3dcompiler_47.dll, “Direct3D HLSL Compiler for Redistribution” by Shan Feng, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by Shan Feng)

Product:
Microsoft® Windows® Operating System

Description:
Direct3D HLSL Compiler for Redistribution

Version:
10.0.10586.15 (th2_release.151119-1817)

MD5:
053b81890a5eb1ff60b4483dda1b1daa

SHA-1:
662db1d6b89d4a372010e0bc219815b25c2a6097

SHA-256:
e3d9dad30e8262610723d13a9474f23e0f443e2702a31a21e4c141cdf1cc8667

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:23:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.ShanFeng (M)

Engine version:
16.7.8.1

File size:
3.5 MB (3,698,560 bytes)

Product version:
10.0.10586.15

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
d3dcompiler_47.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\toolduck\toolduck\d3dcompiler_47.dll

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/6/2016 5:30:00 AM

Valid to:
2/4/2017 5:29:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1B853FB691BA9396C7738041A583DCD1

File PE Metadata
Compilation timestamp:
11/20/2015 10:23:44 AM

OS version:
10.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.10

CTPH (ssdeep):
49152:iXxztRVg63VCssRWQnP73DPFeYjLpZyLpsRug4TJz07+G3:iBzrVgoVCbLxTpkpsRugYi3

Entry address:
0x2B3610

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 08, 08, 00, 00, 5D, E9, 2A, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, B8, 63, 73, 6D, E0, 39, 45, 08, 75, 0D, FF, 75, 0C, 50, E8, 67, 06, 00, 00, 59, 59, 5D, C3, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 6A, 30, 68, C0, 06, 36, 10, E8, 80, 08, 00, 00, C7, 45, E0, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 00, 10, 36, 10, 83, 7D, 0C, 00, 75, 11, 83, 3D, 70, 72, 36, 10, 00, 75, 08, 89, 75, E0, E9, 39, 02, 00, 00, 8B, 45, 0C, 83...
 

Entropy:
6.5554

Code size:
3.4 MB (3,537,920 bytes)
