dwmcvmon.exe

DocuWorks

Fuji Xerox Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FXMcvIrmStartup’.
Publisher:
Fuji Xerox Co., Ltd.  (signed and verified)

Product:
DocuWorks

Description:
DocuWorks Security EXE

Version:
1.1.0.8

MD5:
7adf17e3f1ee85a20ed90086e5dbadfe

SHA-1:
d0722457fe50e2895469c47df67b025ebfaeac6a

SHA-256:
41a5d8c3ed99b33125ee7cdd2f36d48b62ec6585ad4bab174e63acc8acbc1af7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 4:44:23 PM UTC  (today)

File size:
222 KB (227,280 bytes)

Product version:
1.1.0.0

Copyright:
Copyright (C) Fuji Xerox Co., Ltd. 1996-2016

Original file name:
dwmcvmon.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\dwmcvmon.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
7/4/2016 9:00:00 AM

Valid to:
8/15/2017 8:59:59 AM

Subject:
CN="Fuji Xerox Co., Ltd.", OU="Fuji Xerox Co., Ltd.", O="Fuji Xerox Co., Ltd.", L=Yokohama, S=Kanagawa, C=JP

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2E29A021ECFA2381B9507B3357D062F0

File PE Metadata
Compilation timestamp:
9/15/2016 4:00:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x24339

Entry point:
E8, EF, 05, 00, 00, E9, 36, FD, FF, FF, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, 6C, 43, 42, 00, 68, 0C, 48, 43, 00, E8, 60, 06, 00, 00, 83, C4, 18, C3, FF, 25, 6C, 85, 42, 00, 3B, 0D, 0C, 48, 43, 00, 75, 02, F3, C3, E9, 4D, 06, 00, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, F6, 4A, 42, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, BF, 02, 00, 00, F6, C3, 01, 74, 07, 57, E8, AE, F7, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, 45, 07, 00, 00, F6, C3, 01, 74, 07, 56, E8, 98...
 
[+]

Entropy:
6.5977

Code size:
156 KB (159,744 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FXMcvIrmStartup

Command:
C:\Windows\System32\dwmcvmon.exe \s