dwm.exe

  • File Path: C:\Windows\system32\dwm.exe
  • Description: Desktop Window Manager

Hashes

Type Hash
MD5 9E5F47A29D48F9103FAA5B4B81CCDB5E
SHA1 6745B380E62B60D629D8CA49191FF1D73448DE64
SHA256 153BF1424FE62CECA16461E43343753C22EBADAABA2966F1E6B457944FB3D7DB
SHA384 CE316050EF5EE76A9B7D13149BA117F43A0C3848240D9B46920E4386262D5734C6BD392837423A786F5998CC0FE3ACB3
SHA512 743AA5391131D6C88F0A635F2AB478B6FC6858C42409D36294D742AA8E1538CDB018031AC9865593EF15B6BE41C7BDC10E12D5A3FF02173B1DE76D6E2C89C7C0
SSDEEP 1536:pczc/VgKoRvi74qJbCVRilfB/od7lE58ohybJpbpxYGQfAmrtRRYg33ALvat:Wvi740pB/4lEOpbpxYfACtQQ3ALat

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\system32\dwm.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dwm.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\dwm.exe 90

Possible Misuse

The following table contains possible examples of dwm.exe being misused. While dwm.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .dwm.exe © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.