DW20.EXE

  • File Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
  • Description: Microsoft Application Error Reporting

Hashes

Type Hash
MD5 6D89B7356E52C77215B889FEA561D417
SHA1 B402C1AFA54453598F624E524B28A7C60898BC2E
SHA256 37A82F07D84F9C9944AA8AD6C4EC057B0C95BD44823B43355AF6264A7738920F
SHA384 E2897E35BB6FA62FEE488318467E2C9349E4A12D85F3B1B98DBA1531A3AAA672AA895E5BC412C0AEED87A18D9CE3C2F6
SHA512 ADF3C1C7AEF81E70D7C196D35657DC361E3508E42EBEAC0CD62E2D3AFC9EAE75CB9A7AAAA2C77122CF2DB7391DE4DCE920D7F7AF4846A85D0DF0E3659F716A42
SSDEEP 24576:ZwOoAwNv2ccXYxe5jasZJszy4Th4GNx9BOYtvr4R2Bvcw:ZNoAwp2Ae5XfsriefOYtvrS2BvH
IMP 38CD505DAB067B7F60C26A9DE49E49FA
PESHA1 E7ABEFB6F0653668981541EF1C4CCA01A4B2D18E
PE256 B325C937DDB38090BE1E91782F95714063CE3CE7BFB9809B51E9EE55358F3D45

Runtime Data

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002CE7C9ACE7D905ED2B70000000002CE
  • Thumbprint: B10607FB914700B40F794610850C1DE0A21566C1
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: DW20.Exe
  • Product Name: Microsoft Application Error Reporting
  • Company Name: Microsoft Corporation
  • File Version: 16.0.12527.20470
  • Product Version: 16.0.12527.20470
  • Language: Language Neutral
  • Legal Copyright:
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/37a82f07d84f9c9944aa8ad6c4ec057b0c95bd44823b43355af6264a7738920f/detection/

Possible Misuse

The following table contains possible examples of DW20.EXE being misused. While DW20.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_thrip.yar $s1 = “\AppData\Local\Temp\dw20.EXE” ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.