dwm.exe
- File Path:
C:\Windows\system32\dwm.exe - Description: Desktop Window Manager
Hashes
| Type | Hash |
|---|---|
| MD5 | 5CE3CCA35D8B19967B25806B7FF69D0F |
| SHA1 | 2371C02842FD9670FA47B2EAE4CB08FA7A6070C1 |
| SHA256 | 5954A267C8F271798EC0AC18D5F67F21A70B47258B10601511CA2109FFFDCF71 |
| SHA384 | E6CAE26BBB80F2DEAC8EA9FC14DB5D22DA2C58E4879205E9F107CBC622F85ECE9A9D9053742642C8D846A781024E5E3A |
| SHA512 | E8726804478C54F122CEA6435D9538FFF3D6694A93B2A367F78D70BA8309B0AB2612A50E698A7DF48DDC1A7AFEC4D9A9D51D8B40338B2CA5B6E31F7E4EC9D519 |
| SSDEEP | 1536:XTjrLnX87oRLb0Pi3DoaegoWRottVMaq:/X1OPUr9oHtYaq |
| IMP | CC05EDB80F10F1D5E7EC964B8C83F969 |
| PESHA1 | E0376577500942E16E46833659D6CD2F46DD2E6A |
| PE256 | 095DFC2B348A91503E0FA73EBD1A384CF683AF41A2A8DD5AC3328907FBDAC719 |
Runtime Data
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\advapi32.dll |
| C:\Windows\SYSTEM32\apphelp.dll |
| C:\Windows\System32\bcryptPrimitives.dll |
| C:\Windows\System32\cfgmgr32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\system32\CoreMessaging.dll |
| C:\Windows\System32\CRYPTSP.dll |
| C:\Windows\system32\d2d1.dll |
| C:\Windows\system32\d3d11.dll |
| C:\Windows\system32\D3DCOMPILER_47.dll |
| C:\Windows\system32\dcomp.dll |
| C:\Windows\system32\dwm.exe |
| C:\Windows\system32\dwmcore.dll |
| C:\Windows\SYSTEM32\dwmredir.dll |
| C:\Windows\system32\dxgi.dll |
| C:\Windows\System32\gdi32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\kernel.appcore.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\System32\powrprof.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\SYSTEM32\udwm.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: dwm.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/5954a267c8f271798ec0ac18d5f67f21a70b47258b10601511ca2109fffdcf71/detection/
Possible Misuse
The following table contains possible examples of dwm.exe being misused. While dwm.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| malware-ioc | nukesped_lazarus | .dwm.exe``{:.highlight .language-cmhg} |
© ESET 2014-2018 |
MIT License. Copyright (c) 2020-2021 Strontic.