fwh.exe

It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Fast Windows Hider’.
MD5:
d060d2fe94fc2d43d31d28133120051f

SHA-1:
f4765d8671477fa9fea7f09eaf66aadda61ffe11

SHA-256:
d785589d874a9e1b51d3098b48c8b9d6483b7f1dd68094f28ec63824d5b86df9

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/11/2025 2:59:48 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Comodo Security | Heur.Suspicious | 16450 |
| Trend Micro House Call | TROJ_GEN.R47H1L9 | 7.2.33 |
| Vba32 AntiVirus | Trojan.Agent | 3.12.22.2 |
| VIPRE Antivirus | Trojan.Win32.Generic | 18814 |
| ViRobot | Trojan.Win32.A.Agent.772608.G | 2011.4.7.4223 |

File size:
754.5 KB (772,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\fast windows hider\fwh.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:aBxojnIJhYznjihsm0MjXM9D3+DilFOH3ov99zFJF:YinIJ4n2hj18hsy83o1

Entry address:
0x77FAC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 6C, 7D, 47, 00, E8, C4, DD, F8, FF, 68, 8C, 80, 47, 00, 68, 90, 80, 47, 00, E8, 0D, E5, F8, FF, 85, C0, 0F, 85, A2, 00, 00, 00, A1, 68, AA, 47, 00, 8B, 00, E8, BD, 3D, FE, FF, 8B, 0D, A8, AB, 47, 00, A1, 68, AA, 47, 00, 8B, 00, 8B, 15, 10, 24, 47, 00, E8, BD, 3D, FE, FF, 8B, 0D, 70, AB, 47, 00, A1, 68, AA, 47, 00, 8B, 00, 8B, 15, D4, 2C, 47, 00, E8, A5, 3D, FE, FF, 8B, 0D, 1C, AA, 47, 00, A1, 68, AA, 47, 00, 8B, 00, 8B, 15, 10, 21, 47, 00, E8, 8D, 3D, FE, FF, 8B, 0D, FC, A8, 47...
 

Entropy:
7.0470

Developed / compiled with:
Microsoft Visual C++

Code size:
476.5 KB (487,936 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Fast Windows Hider

Command:
C:\Program Files\fast windows hider\fwh.exe

