dwm22.exe

The executable dwm22.exe has been detected as malware by 2 of 68 anti-virus scanners, both of which name the Floxif family. While running, it connects over HTTP (TCP port 80) to redirect.www.ibm.com and to seminaires-nav5.fr.
MD5:
65ed70b096d3eea34e360c6422825d79

SHA-1:
c1599baedff8929e957efaa556d18e97ac853648

SHA-256:
81cb1ecbce90321c2234b23dbe420756d2c5a9793302f4c572c950026b0ca9ca

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/26/2024 3:47:19 PM UTC

Scan engine     Detection               Engine version
ESET NOD32      Win32/Floxif.H virus    6.3.12010.0
F-Prot          W32/Floxif.B            4.6.5.141

File size:
146.3 KB (149,860 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\windowman\dwm22.exe

File PE Metadata
Compilation timestamp:
12/11/2013 11:48:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x16F2

Entry point:
E9, 23, 45, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 58, B5, 40, 00, 89, 0D, 54, B5, 40, 00, 89, 15, 50, B5, 40, 00, 89, 1D, 4C, B5, 40, 00, 89, 35, 48, B5, 40, 00, 89, 3D, 44, B5, 40, 00, 66, 8C, 15, 70, B5, 40, 00, 66, 8C, 0D, 64, B5, 40, 00, 66, 8C, 1D, 40, B5, 40, 00, 66, 8C, 05, 3C, B5, 40, 00, 66, 8C, 25, 38, B5, 40, 00, 66, 8C, 2D, 34, B5, 40, 00, 9C, 8F, 05, 68, B5, 40, 00, 8B, 45, 00, A3, 5C, B5, 40, 00, 8B, 45, 04, A3, 60, B5, 40, 00, 8D, 45, 08, A3, 6C, B5, 40...

Entropy:
7.0636

Packer / compiler:
Xtreme-Protector v1.05

Code size:
26 KB (26,624 bytes)
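The metadata above is only useful if you can reproduce it against a file in hand. The following Python script is an added example, not code from this page or from Reason Core Security: it hashes a file, parses the DOS, COFF and optional headers and the section table by hand to locate the entry point and read the bytes there, measures entropy, and compares the results with the indicators listed on this page. Two caveats it encodes: a packer identifier such as "Xtreme-Protector v1.05" is a signature match, and the bytes shown at the entry point (a near `jmp`, then the `mov edi, edi; push ebp; mov ebp, esp` hot-patch prologue MSVC emits) look like ordinary compiler output rather than an obvious protector stub, so the high entropy only tells you that much of the file is compressed or encrypted; and an entry point that begins with a `jmp` is worth flagging, because a file infector that redirects the entry point leaves exactly that pattern, but normal CRT start-up code can as well. Only a hash match identifies this sample. The `build_sample_pe` helper, the 16-byte entry prefix, and the constructed timestamp are my assumptions for an offline run; the sample it builds is not dwm22.exe.

```python
"""Offline triage of a Windows PE against the dwm22.exe indicators on this page."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Indicators transcribed from this page. Only a hash match identifies this exact
# sample; size, entry RVA, entry bytes and entropy merely flag a look-alike.
DWM22_IOCS = {
    "md5": "65ed70b096d3eea34e360c6422825d79",
    "sha1": "c1599baedff8929e957efaa556d18e97ac853648",
    "sha256": "81cb1ecbce90321c2234b23dbe420756d2c5a9793302f4c572c950026b0ca9ca",
    "size": 149860,
    "entry_rva": 0x16F2,
    # First 16 entry-point bytes from the page: two near jmps, then the MSVC
    # hot-patch prologue mov edi,edi / push ebp / mov ebp,esp / sub esp,...
    "entry_prefix": bytes.fromhex("E923450000E979FEFFFF8BFF558BEC81"),
}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the raw bytes as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; values around 7 and above indicate compressed or encrypted content."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def pe_entry_point(data: bytes) -> dict:
    """Hand-parse the DOS, COFF and optional headers plus the section table; return the
    entry RVA, its section, the bytes there, linker version and COFF timestamp."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    nsections, timestamp, opt_size = struct.unpack_from("<2xHI8xH2x", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic, lmaj, lmin, entry_rva = struct.unpack_from("<HBB12xI", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 image (magic 0x%X)" % magic)
    for i in range(nsections):                            # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII16x", data, opt + opt_size + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)            # RVA -> file offset within this section
            return {
                "entry_rva": entry_rva,
                "entry_section": name.rstrip(b"\0").decode("ascii", "replace"),
                "entry_bytes": data[off:off + 16],
                "linker": "%d.%d" % (lmaj, lmin),
                "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc),
            }
    raise ValueError("entry RVA 0x%X lies outside every section" % entry_rva)


def triage(data: bytes, iocs: dict = DWM22_IOCS) -> dict:
    """Compare a file with the indicators: 'hash_match' is conclusive, everything else
    (including a jmp as the first entry-point instruction) only justifies a closer look."""
    hashes, pe, entropy = file_hashes(data), pe_entry_point(data), shannon_entropy(data)
    return {
        "hash_match": any(hashes[k] == iocs[k] for k in hashes),
        "size_match": len(data) == iocs["size"],
        "entry_rva_match": pe["entry_rva"] == iocs["entry_rva"],
        "entry_prefix_match": pe["entry_bytes"].startswith(iocs["entry_prefix"]),
        "entry_starts_with_jmp": pe["entry_bytes"][:1] == b"\xE9",
        "entropy": round(entropy, 4),
        "high_entropy": entropy >= 7.0,
        "entry_section": pe["entry_section"],
        "linker": pe["linker"],
        "compiled_utc": pe["compiled_utc"].isoformat(),
        "hashes": hashes,
    }


def build_sample_pe(entry_code: bytes, entry_rva: int = 0x16F2, timestamp: int = 1386805693) -> bytes:
    """Constructed, minimal PE32 with one .text section (no imports, not meant to run)
    that only exercises the parser offline. It is NOT the dwm22.exe sample."""
    text_va, rawptr = 0x1000, 0x200
    text = bytearray(0x6800)                              # 26 KB of code, like the page's code size
    text[entry_rva - text_va:entry_rva - text_va + len(entry_code)] = entry_code
    dos = bytearray(b"MZ").ljust(0x80, b"\0")
    struct.pack_into("<I", dos, 0x3C, len(dos))           # e_lfanew: PE signature follows the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)  # i386, 1 section, exe
    opt = bytearray(224)
    struct.pack_into("<HBB12xI", opt, 0, 0x10B, 9, 0, entry_rva)          # PE32, linker 9.0
    sec = struct.pack("<8sIIII16x", b".text", len(text), text_va, len(text), rawptr)
    return (bytes(dos) + b"PE\0\0" + coff + opt + sec).ljust(rawptr, b"\0") + bytes(text)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(DWM22_IOCS["entry_prefix"])
    for key, value in triage(blob).items():
        print("%-20s %s" % (key, value))
```

Run it as `python triage.py C:\ProgramData\windowman\dwm22.exe` (or any suspect PE) to print the comparison; with no argument it runs against the constructed sample, which matches the entry RVA and entry bytes but, being a few kilobytes of mostly zeros, neither the hashes nor the size nor the entropy. The parser deliberately maps the entry RVA through the section table instead of assuming a fixed file offset, because a file whose entry point sits in an appended or last section (a common infector pattern) is exactly the case where a naive offset calculation goes wrong.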

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to seminaires-nav5.fr  (207.46.197.32:80)

TCP (HTTP):
Connects to redirect.www.ibm.com  (129.42.38.1:80)

Remove dwm22.exe - Powered by Reason Core Security