d3dcompiler_43.dll

Microsoft DirectX for Windows

SIEN S.A.

This is the SIEN AppScion Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The module d3dcompiler_43.dll, "Direct3D HLSL Compiler" by SIEN S.A., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer.
Publisher:
Microsoft Corporation  (signed by SIEN S.A.)

Product:
Microsoft® DirectX for Windows®

Description:
Direct3D HLSL Compiler

Version:
9.29.952.3111

MD5:
ea5f4675b4f0cf5f4cc3ad92ddf52415

SHA-1:
35ea849135a24f341715ca93ec2ecb0f16760985

SHA-256:
342099ab8de89aa51842cb86a43f717c8601e048d3f4db49df15fb1e3929e309

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 11:51:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sien.SIENSA.Bundler (M)

Engine version:
16.2.11.4

File size:
2 MB (2,106,688 bytes)

Product version:
9.29.952.3111

Copyright:
Copyright © Microsoft Corp. 1994-2007

Original file name:
d3dcompiler_43.dll

File type:
Dynamic link library (Win32 DLL)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\beamrise\application\3.27.0.5541\d3dcompiler_43.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/21/2012 9:00:00 PM

Valid to:
8/22/2014 8:59:59 PM

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
5/21/2010 10:24:09 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
49152:EpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Aks:A3P9HP6Zpy9KyhMI50Du8LljslNsyHid

Entry address:
0x1EC09B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, D9, 0B, 00, 00, 5D, E9, 7A, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 98, 00, 1F, 10, 75, 03, C2, 00, 00, E9, 63, 0C, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, D0, 02, 00, 00, A1, 98, 00, 1F, 10, 33, C5, 89, 45, FC, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC, FD, FF, FF, 66, 8C, 95, F8, FD, FF, FF, 66, 8C, 8D, EC, FD, FF, FF, 66, 8C, 9D, C8, FD, FF, FF, 66, 8C...
 

Code size:
1.9 MB (2,023,936 bytes)
