d3dx9_43.dll

Microsoft DirectX for Windows

Suining Qixi Advertising Media Co., Ltd.

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The module d3dx9_43.dll, “Direct3D 9 Extensions” by Suining Qixi Advertising Media Co., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Microsoft Corporation  (signed by Suining Qixi Advertising Media Co., Ltd.)

Product:
Microsoft® DirectX for Windows®

Description:
Direct3D 9 Extensions

Version:
9.29.952.3111

MD5:
d6ed6d5cd9fe6fa28d88c9542b1de6a2

SHA-1:
9e5899a61917c6271dca6923a1583714f33923bf

SHA-256:
ac7184c3ba71d906118938c21d23893ddb1c704cf3d2ecf2f14f09ba81d556ab

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 10:06:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SuiningQixiAdvertisingMediaCo

Engine version:
15.1.29.1

File size:
1.9 MB (2,000,040 bytes)

Product version:
9.29.952.3111

Copyright:
Copyright © Microsoft Corp. 1994-2007

Original file name:
D3DX9D.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\xigua\2.12.0.5\d3dx9_43.dll

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/21/2014 5:14:06 AM

Valid to:
4/23/2017 5:14:06 AM

Subject:
CN="Suining Qixi Advertising Media Co., Ltd.", E=xiguayingyin@gmail.com, O="Suining Qixi Advertising Media Co., Ltd.", L=Suining, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
6BA70B4380ECA6E171FB81A495EC5DEF

File PE Metadata
Compilation timestamp:
5/21/2010 9:21:17 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:tUtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBn:t566l2u45BiNYFrz31Cv3D29kd6kWd

Entry address:
0x1BEC0D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 8C, 0F, 00, 00, 5D, E9, 7A, FD, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, D0, 02, 00, 00, A1, 90, 95, 1D, 10, 33, C5, 89, 45, FC, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC, FD, FF, FF, 66, 8C, 95, F8, FD, FF, FF, 66, 8C, 8D, EC, FD, FF, FF, 66, 8C, 9D, C8, FD, FF, FF, 66, 8C, 85, C4, FD, FF, FF, 66, 8C, A5, C0, FD, FF, FF, 66, 8C, AD, BC, FD, FF, FF, 9C, 8F...
 

Entropy:
6.7653

Code size:
1.8 MB (1,869,312 bytes)
