dmwu.exe
By Perion Network Ltd. (Signed)
Warning 9 antivirus scanners has detected malware in various versions of dmwu.exe.
Overview
dmwu.exe has 25 known versions, the most recent one is . It is started as a Windows Service called 'Updater Service' with the name 'IBUpdaterService'. In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 1.32 MB. It is an authenticode code-signed executable issued to Perion Network Ltd. by the certification authority VeriSign. During the process's lifecycle, the typical CPU resource utilization is about 0.0096% including both foreground and background operations, the average private memory consumption is about 6.92 MB with the maximum memory reaching around 12.86 MB. Addionally, typically read and write I/O disk operations is about 510 Bytes per minute for reads and 4 Bytes per minute for writes.
What is dmwu.exe?
dmwu.exe is the installation service for Web Optimizer, an ad-supported program. Web Optimizer by Perion Network Ltd. is a web browser extension and browser helper object (BHO) for Internet Explorer and Firefox (extension) and distributed through Perion Networks. The Web Optimizer extension includes a search bar which provides modified search redirection results and a search provider. Web Optimizer will attempt to change the default home page of the user's web browser as well.
 Details
|
| File name: | dmwu.exe |
| Typical file path: | C:\Windows\System32\dmwu.exe |
| Certificate |
| Issued to: | Perion Network Ltd. |
| Authority (CA): | VeriSign |
| Effective date: | Tuesday, April 24, 2012 |
| Expiration date: | Friday, April 24, 2015 |
| Windows Service |
| Service name: | IBUpdaterService |
| Display name: | Updater Service |
| Description: | “Updater Service” |
| Type: | Win32OwnProcess |
Behaviors
(Note, the behaviors below are for all versions of dmwu.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'IBUpdaterService' (Updater Service)
- WebOptimizer
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\WINDOWS\system32\dmwu.exe'
Malware detections
Based on 40+ industry antivirus scanners, 9 of them detected the following malware.
All file variations of dmwu.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
30.00% |
|
| Windows 7 Home Premium |
24.29% |
|
| Microsoft Windows XP |
17.14% |
|
| Windows 7 Professional |
10.00% |
|
| Windows 8 |
5.71% |
|
| Windows Vista Home Premium |
5.71% |
|
| Windows 8 Single Language |
2.86% |
|
| Windows 8.1 Pro with Media Center |
1.43% |
|
| Windows 8 Pro |
1.43% |
|
| Windows 8 Release Preview |
1.43% |
|
Distribution by country
United States installs about 34.29% of dmwu.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
28.81% |
|
| Acer |
23.73% |
|
| Toshiba |
16.95% |
|
| Sony |
10.17% |
|
| Dell |
10.17% |
|
| MSI |
3.39% |
|
| ASUS |
3.39% |
|
| GIGABYTE |
3.39% |
|
