dwm.exe

  • File Path: C:\WINDOWS\system32\dwm.exe
  • Description: Desktop Window Manager

Hashes

Type Hash
MD5 72B98B74557649F9AA4B0249E43E9BCF
SHA1 4C1DE5167EEA515893018211F982B8A1CEAF1FED
SHA256 B39D76814BA92435F5DD5BCCCD7FAABCC814E1C51D92CDAFF4FC011F0415812B
SHA384 75688CBC6EB349BA4BBB7D102EDF83C1E6B4A3A58FB36507F089163BC0A8DDC88735EC0C2D48E048672627A396F62627
SHA512 70C5A4E2CB8CFFF11677F006668C273152C0552F509AA1BC7D8E40AFF5562889D96D71AD79AE05446B849D7C646F53CFBB38B8FC8DC46C33D31D4DE4337C1E58
SSDEEP 1536:v/njVablNQ1JoUgKpcnnRRPKEXgoZRm7rMaCv:Hj8blNnUfpcnnvKEQoG74aC

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dwm.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of dwm.exe being misused. While dwm.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .dwm.exe``{:.highlight .language-cmhg} © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.