» dmwu.exe
Overview
Analysis
File Details
Behaviors (1)

dmwu.exe

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application dmwu.exe by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “IBUpdaterService”.

File name:

dmwu.exe

Publisher:

ClientConnect LTD (signed and verified)

MD5:

003995f28a0b7e58d261bb316579b79a

SHA-1:

536c39aba8122f3b72f3120733fb0c46e32408c0

SHA-256:

89178f2a87023c02b9a9f5d4788e0e965e95659b692a27c44aa454d7ddde5550

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:

4/19/2024 8:46:28 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Conduit (M)

17.1.5.21

File size:

2.9 MB (3,007,952 bytes)

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\dmwu.exe

Digital Signature

Signed by:

ClientConnect LTD

Authority:

Symantec Corporation

Valid from:

7/9/2014 1:00:00 AM

Valid to:

7/10/2016 12:59:59 AM

Subject:

CN=ClientConnect LTD, OU=Guardbox, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

3215FFC06E15A37E45F6521CECC8C3BD

File PE Metadata

Compilation timestamp:

4/17/2016 12:01:55 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x1B7A50

Entry point:

48, 83, EC, 28, E8, 3B, 05, 00, 00, 48, 83, C4, 28, E9, 26, FD, FF, FF, FF, 25, A0, 03, 02, 00, FF, 25, AA, 03, 02, 00, FF, 25, DC, 03, 02, 00, FF, 25, DE, 03, 02, 00, FF, 25, 00, 04, 02, 00, FF, 25, 12, 04, 02, 00, FF, 25, 24, 02, 02, 00, FF, 25, 0E, 02, 02, 00, FF, 25, 00, 02, 02, 00, FF, 25, F2, 01, 02, 00, FF, 25, E4, 01, 02, 00, FF, 25, D6, 01, 02, 00, FF, 25, C8, 01, 02, 00, FF, 25, 2A, 00, 02, 00, FF, 25, 2C, 00, 02, 00, FF, 25, 2E, 00, 02, 00, FF, 25, 30, 00, 02, 00, FF, 25, 32, 00, 02, 00, FF, 25... 
[+]

Entropy:

6.2001

Code size:

1.8 MB (1,922,048 bytes)

Service

Display name:

IBUpdaterService

Type:

Win32OwnProcess

Remove dmwu.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.