dwm.exe

  • File Path: C:\Windows\system32\dwm.exe
  • Description: Desktop Window Manager

Hashes

Type Hash
MD5 7260B06613BC480862F379FF5CCD58B6
SHA1 90BFD3DCAB257A3B16EB46E8135B3621B6A7BCBE
SHA256 18B84DF6110F4A23660A256E558BCE4F5FC0D47678E4D1F9F8188DD490E5B293
SHA384 0291169F028867034811641137BEB5E436B7FD10CDCB8490640C810EC1B31C01523E4EA0A6628530B30DE6F27C3AD777
SHA512 AE1C1EC018A2AE4995B0A1F9B45FCDCF15F4D8488BD7717A432D84B92E35337F22E8032D5B280E25869449FEC392F977ECF86C28D9C16E4222BA4E8BB5C463B4
SSDEEP 1536:/czc/VgKoRvi74qJbCVRilfB/od7lE58ohypJpbVHYGQfAmrERRrg33ALvar:cvi740pB/4lEgpbVHYfACEjQ3ALar
IMP 154ED7B525A399CB7070EB8FD0DFC4DE
PESHA1 7524DBAB7F0D5861BCC3277E8CDBE9611EC130AD
PE256 4CB2AD8AFEAF0C9677E2A5B8D627BACE2239FE49E3558BB4324C8C0A336A1079

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\system32\dwm.exe
C:\Windows\System32\gdi32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dwm.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/18b84df6110f4a23660a256e558bce4f5fc0d47678e4d1f9f8188dd490e5b293/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\dwm.exe 90

Possible Misuse

The following table contains possible examples of dwm.exe being misused. While dwm.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .dwm.exe | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.