dwm.exe

  • File Path: C:\Windows\system32\dwm.exe
  • Description: Desktop Window Manager

Hashes

Type Hash
MD5 5C27608411832C5B39BA04E33D53536C
SHA1 F92F8B7439CE1DE4C297046ED1D3FF9F20BC97AF
SHA256 0AC827C9E35CDAA492DDD435079415805DCC276352112B040BCD34EF122CF565
SHA384 0C4CE99965B9C8FA4E53090D627E2F5186D2F24F03ABBA5F546E35091AE3DF8A6A2F1D0005A34042648F8811DC0370CD
SHA512 1FA25EABC08DFF9EA25DFA7DA310A677927C6344B76815696B0483F8860FA1469820FF15D88A78ED32F712D03003631D9ACEAF9C9851DE5DD40C1FC2A7BC1309
SSDEEP 1536:aN5PiWRvy0kAfaccAAwrtG5rthFk3RFGJpbz/KGAmrEKRrJecva/:ekAfRgla8pbziGACE6Je0a/
IMP 154ED7B525A399CB7070EB8FD0DFC4DE
PESHA1 D2EF2542614847876368C2B4F26198B8C37573C2
PE256 3CB6E6537B6CBE0428CAF48464DC5F43639CC1B92B3A8DD64273BEE59E291D8E

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\system32\dwm.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dwm.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/0ac827c9e35cdaa492ddd435079415805dcc276352112b040bcd34ef122cf565/detection

Possible Misuse

The following table contains possible examples of dwm.exe being misused. While dwm.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .dwm.exe | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.