dwm.exe

The executable dwm.exe has been detected as malware by 34 anti-virus scanners. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.
Description:
Desktop...

Version:
1.0.0.0

MD5:
30d3a8f44a74307082fb0976938b736f

SHA-1:
6d07ed8a684b0591c7ae0c46e5d7c9ccb5c4a740

SHA-256:
c37d35c53581d7467319acea1a3dcecee5f61f58c2b22c7b0751355f1dd4c59d

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/28/2024 4:52:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Generic.Malware.GSD.130EC42B | -40 |
| AhnLab V3 Security | Trojan/Win32.Petun.C123620 | 3.8.3.16 |
| Avira AntiVirus | TR/Spy.Gen | 8.3.3.4 |
| Arcabit | Generic.Malware.GSD.130EC42B | 1.0.0.793 |
| avast! | MSIL:KeyLogger-AB [Spy] | 2014.9-170316 |
| AVG | PSW.Agent.7 | 2018.0.2438 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17316 |
| Bitdefender | Generic.Malware.GSD.130EC42B | 1.0.20.375 |
| Comodo Security | Worm.Win32.KeyLogger.AutoRun.AE | 26460 |
| Dr.Web | Trojan.Siggen3.14508 | 9.0.1.075 |
| Emsisoft Anti-Malware | Generic.Malware.GSD.130EC42B | 8.17.03.16.01 |
| ESET NOD32 | MSIL/Spy.Agent.BP (variant) | 11.14780 |
| Fortinet FortiGate | MSIL/KeyLogger.BA!tr | 3/16/2017 |
| F-Prot | W32/MSIL_Troj.F.gen | v6.4.7.1.166 |
| F-Secure | Generic.Malware.GSD.130EC42B | 11.2017-16-03_5 |
| G Data | Generic.Malware.GSD.130EC42B | 17.3.25 |
| IKARUS anti.virus | Trojan-Spy.Win32.Zbot | 0.1.3.4 |
| K7 AntiVirus | Trojan | 13.248.22115 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1315 |
| Malwarebytes | Trojan.KeyLogger.MSIL | v2017.03.16.01 |
| McAfee | PWS-Zbot.gen.yg | 5600.6094 |
| Microsoft Security Essentials | PWS:MSIL/Petun.A | 1.1.13407.0 |
| MicroWorld eScan | Generic.Malware.GSD.130EC42B | 18.0.0.225 |
| NANO AntiVirus | Trojan.Win32.Siggen3.dhbnsn | 1.0.70.14475 |
| Panda Antivirus | Trj/GdSda.A | 17.03.16.01 |
| Qihoo 360 Security | HEUR/QVM03.0.8C3F.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Trojan.Orsam.A3 | 3.17.14.00 |
| Rising Antivirus | Trojan.MSIL.KeyLogger!1.647D (classic) | 23.00.65.17314 |
| Sophos | Mal/MSIL-BA | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Petun | 8533 |
| Total Defense | Win32/Petun.B | 37.1.62.1 |
| Trend Micro House Call | TSPY_PATUN.SMHA | 7.2.75 |
| Trend Micro | TSPY_PATUN.SMHA | 10.465.16 |
| VIPRE Antivirus | Trojan-PWS.MSIL.Petun.a | 55286 |

File size:
37 KB (37,888 bytes)

Product version:
1.0.0.0

Copyright:
Desktop...

Original file name:
Crossfire New Cheat Autohead Fast Knife 100% 2.0 2017-2018.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\dwm.exe

File PE Metadata
Compilation timestamp:
1/10/2017 6:29:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xAB3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.6429

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
35 KB (35,840 bytes)
