d3dcompiler_46.dll

Microsoft DirectX for Windows

Ad First Catch

This file is part of an Adpeak program that shows ads in the browser without disclosing the ads' origin. The ads are injected as banners or text links into random web pages. Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The module d3dcompiler_46.dll, “Direct3D HLSL Compiler” by Ad First Catch, has been detected as adware by 4 anti-malware scanners.

Publisher:
Microsoft Corporation  (signed by Ad First Catch)

Product:
Microsoft® DirectX for Windows®

Description:
Direct3D HLSL Compiler

Version:
9.30.9200.20789

MD5:
69ea57b487f37d017542553de8b3cd7c

SHA-1:
f5d418518682f067b498f7069486355575fadc1f

SHA-256:
9d703c8c3714c5b8c04c037ae6b9ce0ad81ca9686c81746f5ca12e7c10b5467b

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
5/20/2024 7:19:28 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Iminent.49 | 9.0.1.0203 |
| Malwarebytes | PUP.Optional.Clara.A | v2015.07.22.09 |
| Reason Heuristics | PUP.AdPeak.AdFirstCatch | 15.4.24.0 |
| Trend Micro House Call | Suspicious_GEN.F47V0510 | 7.2.203 |

File size:
3.1 MB (3,218,848 bytes)

Product version:
9.30.9200.20789

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
d3dcompiler_46.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\syswow64\first verify\d3dcompiler_46.dll

Digital Signature
Signed by:

Authority:
Ad First Catch

Valid from:
4/14/2015 10:46:48 PM

Valid to:
4/13/2016 10:46:48 PM

Subject:
CN=adfirst.nl, OU=Ads, O=Ad First Catch, S=Holland, C=NL

Issuer:
E=support@firstcatchads.nl, O=Ad First Catch, L=Amsterdam, S=Holland, C=NL

Serial number:
00E592A6D69AFA75B0

File PE Metadata
Compilation timestamp:
8/2/2013 9:17:55 PM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.10

CTPH (ssdeep):
49152:KAzNP99RYiigTKsuI12CzOtXPINjoTl7et+vXLHEpA7:KdgH/1BaFPINjoTl78+vL0A7

Entry address:
0x25EF83

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, FA, FF, FF, 5D, E9, 7A, FD, FF, FF, CC, CC, CC, CC, CC, FF, 25, 98, 85, 2F, 10, CC, CC, CC, CC, CC, CC, FF, 25, 90, 85, 2F, 10, CC, CC, CC, CC, CC, CC, FF, 25, 58, 85, 2F, 10, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 56, 8B, F1, FF, 15, F4, 84, 2F, 10, F6, 45, 08, 01, 74, 07, 56, E8, C3, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, CC, CC, CC, CC, CC, 6A, 0C, 68, 08, C1, 2E, 10, E8, 6C, 03, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7...

Entropy:
6.4715

Code size:
2.9 MB (3,063,808 bytes)
