d3dcompiler_47.dll

Direct3D HLSL Compiler for Redistribution

Shan Feng

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The module d3dcompiler_47.dll, “Direct3D HLSL Compiler for Redistribution” by Shan Feng, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by Shan Feng)

Product:
Microsoft® Windows® Operating System

Description:
Direct3D HLSL Compiler for Redistribution

Version:
6.3.9600.16384 (winblue_rtm.130821-1623)

MD5:
4a68363cf0fa4a1aa7312cce4cf025c0

SHA-1:
cbd5142201122570efc82903c34e7ee92cad58ea

SHA-256:
43aa59a904063c3a26d33c30db67f8a4a9875becfa89fb380eb50d625b9bcb4e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 4:03:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.9.10.1

File size:
3.3 MB (3,457,240 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
d3dcompiler_47.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ghokswa browser\ghokswa\d3dcompiler_47.dll

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 2:00:00 AM

Valid to:
10/23/2016 1:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5BF17FB97476F1DA0D6F0CE492B01CD5

File PE Metadata
Compilation timestamp:
8/22/2013 5:50:06 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
49152:uyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQKB:79fWAwVBC8MH2JNSF8+YPsXqUTKB

Entry address:
0x30E737

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, D1, 08, 00, 00, 5D, E9, 2A, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, B8, 63, 73, 6D, E0, 39, 45, 08, 75, 0D, FF, 75, 0C, 50, E8, 36, 07, 00, 00, 59, 59, 5D, C3, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 6A, 2C, 68, B8, 8F, 31, 10, E8, 49, 09, 00, 00, C7, 45, E4, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 00, A0, 31, 10, 83, 7D, 0C, 00, 75, 11, 83, 3D, 40, FC, 31, 10, 00, 75, 08, 89, 75, E4, E9, 1E, 02, 00, 00, 8B, 45, 0C, 83...
 

Code size:
3.1 MB (3,245,568 bytes)
