SHA256: c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419
File name: dxgthk.sys
Detection ratio: 0 / 47
Analysis date: 2013-11-07 13:29:39 UTC ( 4 years, 10 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20131107
Yandex 20131105
AhnLab-V3 20131107
AntiVir 20131107
Antiy-AVL 20131107
Avast 20131107
Baidu-International 20131107
BitDefender 20131107
Bkav 20131107
ByteHero 20131104
CAT-QuickHeal 20131107
ClamAV 20131107
Commtouch 20131107
Comodo 20131107
DrWeb 20131107
ESET-NOD32 20131107
Emsisoft 20131107
F-Prot 20131107
F-Secure 20131107
Fortinet 20131107
GData 20131107
Ikarus 20131107
Jiangmin 20131107
K7AntiVirus 20131106
K7GW 20131106
Kaspersky 20131107
Kingsoft 20130829
Malwarebytes 20131107
McAfee 20131107
McAfee-GW-Edition 20131107
eScan 20131107
Microsoft 20131107
NANO-Antivirus 20131107
Norman 20131107
Panda 20131107
Rising 20131107
SUPERAntiSpyware 20131106
Sophos AV 20131107
Symantec 20131107
TheHacker 20131106
TotalDefense 20131106
TrendMicro 20131107
TrendMicro-HouseCall 20131107
VBA32 20131106
VIPRE 20131107
ViRobot 20131107
nProtect 20131107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name dxgthk.sys
Internal name dxgthk.sys
File version 5.1.2600.0 (xpclient.010817-1148)
Description DirectX Graphics Driver Thunk
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 20:53:12
Entry Point 0x00000359
Number of sections 6
PE sections
PE imports
EngDebugPrint
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 2304
ImageVersion 5.1
ProductName Microsoft Windows Operating System
FileVersionNumber 5.1.2600.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription DirectX Graphics Driver Thunk
CharacterSet Unicode
LinkerVersion 7.0
FileTypeExtension exe
OriginalFileName dxgthk.sys
MIMEType application/octet-stream
Subsystem Native
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2001:08:17 21:53:12+01:00
FileType Win32 EXE
PEType PE32
InternalName dxgthk.sys
ProductVersion 5.1.2600.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 256
FileSubtype 7
ProductVersionNumber 5.1.2600.0
EntryPoint 0x0359
ObjectFileType Driver

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 a73f5d6705b1d820c19b18782e176efd
SHA1 6f9f663cdfbc2592eab4c43fee359effd37d60f2
SHA256 c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419
ssdeep 48:aJgYcOH0IOPKG5MtrCfYBhg8ZefEvZQdoq+4VDIZWWEWtIhvk5WwG:eN9BGorTHg8acZQdoz4xEW2tav4Ww
authentihash 9c450ce78aef5f8aa4e1733cff052a360a0ee08020e442ab1618c239ca57f6a0
imphash 0842875aa8573292944922a3e5c6590d
File size 3.3 KB ( 3328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe nsrl trusted native
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with dxgthk.sys as its name.
VirusTotal metadata
First submission 2008-02-27 07:34:34 UTC ( 10 years, 6 months ago )
Last submission 2017-03-29 18:59:27 UTC ( 1 year, 5 months ago )
File names vst01pma.ipn
vslg0360.668
vsoggvkl.52q
vsekgcur.2ch
dxgthk.sys
vslshupc.ri6
vsmkgn0b.2c4
DXGTHK.SYS
vs8n1u4g.2bm
vsch0o83.p4c
vs941d6b.gja
vsuqgvbg.2g1
vs8dhukr.gqo
DXGTHK.SYS
vs0fhvdi.b8m
vsqk0pv4.9da
vsekgmqj.qc7
vsoeg8h4.ba5
vskagkku.i6m
vsc6gcvb.8r9
vslg06l2.id5
vsg30vhk.qc3
sbs_ve_ambr_20150905120929.296_ 662923
vsdugj3h.hcc
vs5l02s0.ks5
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Windows XP (Microsoft)
MSDN Disc 2466 (Microsoft)
MSDN Disc 1550 (Microsoft)
Platforms SDKs/DDKs (Microsoft)
Windows XP Home Edition (Microsoft)
Windows XP Professional (Microsoft)
Windows XP eMbedded Evaluation Software (Microsoft)
Windows XP Tablet PC Edition (Microsoft)
Platforms (Microsoft)
Applications, Platforms, Servers (Microsoft)
Platforms, SDK/DDK, Developer Tools (Microsoft)
Platforms, SDK/DDK (Microsoft)
Applications, Platforms (Microsoft)
Windows CE .NET Evaluation Software (Microsoft)
Internet Explorer Versions (Microsoft)
Windows 2000 Versions (Microsoft)
Internet Explorer (Microsoft)
Windows 98 Versions (Microsoft)
Windows XP Professional 2002 Service Pack 1 (Microsoft)
Office XP Professional with FrontPage (Microsoft)
File names dxgthk.sys
DXGTHK.SYS, dxgthk.sys
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight