dwm.exe

  • File Path: C:\WINDOWS\system32\dwm.exe
  • Description: Desktop Window Manager

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\apphelp.dll
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dwm.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/ee57340c0229cc5b6eaa06aaea526b79d899288b643817dff79121fb633fcc7e/detection

Possible Misuse

The following table contains possible examples of dwm.exe being misused. While dwm.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: malware-ioc
  • Source File: nukesped_lazarus
  • Example: .dwm.exe
  • License: © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.