Should I block it?

60%
60% of PCs block this file from running.
Possible reason:
Performance resource utilization

VersionsAdditional versions

05b13 14.08%
68839 1.41%
11c3a 8.45%
52c18 12.68%
89238 1.41%
be4d9 2.82%
f85eb 1.41%
872f6 1.41%
8ac7e 9.86%
6caf3 4.23%
0ec38 7.04%
c7007 4.23%
81eac 1.41%
bd893 2.82%
a3224 1.41%
08e67 1.41%
99da6 4.23%
60981 7.04%
9b67a 4.23%
45f31 1.41%
199a8 1.41%
ce882 1.41%
36c55 1.41%
382f8 1.41%
418c5 1.41%
(Note, Perion Network Ltd. publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegQueryValueExW, RegSetValueExW, RegEnumKeyExW, RegDeleteValueW, RegisterEventSourceW, DeregisterEventSource, ReportEventW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerExW, SetServiceStatus, ChangeServiceConfig2W, StartServiceW, QueryServiceStatusEx, CloseServiceHandle, OpenServiceW, OpenSCManagerW, CreateProcessAsUserW, DuplicateTokenEx, RegOpenCurrentUser, RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, RegNotifyChangeKeyValue, RegOpenKeyExW, RegCloseKey, RegCreateKeyExW
kernel32.dll
lstrcmpiW, LockResource, GetModuleFileNameW, GetTempPathW, CreateFileW, GetModuleHandleExW, GetCurrentProcessId, SizeofResource, LoadResource, FindResourceW, GetTickCount, GetFileAttributesW, GetComputerNameExW, Sleep, Process32NextW, OpenProcess, Process32FirstW, CreateToolhelp32Snapshot, WaitForMultipleObjects, GetModuleHandleW, GetProcAddress, GetLastError, DeleteFileW, CreateThread, ResetEvent, CreateEventW, CloseHandle, TerminateThread, WaitForSingleObject, GetVersionExW, TerminateProcess, InterlockedDecrement, GetCurrentThreadId, MultiByteToWideChar, lstrlenA, SetEvent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WideCharToMultiByte, InterlockedIncrement, lstrlenW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetStartupInfoW, HeapSetInformation, InterlockedExchange, DecodePointer, EncodePointer, InitializeCriticalSectionAndSpinCount, RaiseException, LocalAlloc, GetLocalTime, SetCurrentDirectoryW, FindResourceExW, GetPrivateProfileSectionNamesW, GetPrivateProfileIntW, GetPrivateProfileStringW, DeleteFileA, AreFileApisANSI, GetSystemTime, GetTempPathA, GetVersionExA, OutputDebugStringA, GetFileAttributesExW, GetSystemInfo, GetDiskFreeSpaceA, CreateFileMappingW, LoadLibraryA, GetDiskFreeSpaceW, LockFileEx, HeapSize, FlushFileBuffers, ReadFile, HeapValidate, HeapCreate, GetFileAttributesA, HeapDestroy, FormatMessageW, LoadLibraryW, WriteFile, FormatMessageA, GetSystemTimeAsFileTime, GetProcessHeap, UnlockFileEx, OutputDebugStringW, WaitForSingleObjectEx, LockFile, UnlockFile, InterlockedCompareExchange, HeapFree, QueryPerformanceCounter, SetFilePointerEx, SystemTimeToFileTime, HeapAlloc, FreeLibrary, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, SetFilePointer, CreateMutexW, GetFileSize, CreateFileA, HeapReAlloc, GetFullPathNameA, GetFullPathNameW, CreateDirectoryW, LocalFree, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW, IsProcessorFeaturePresent, SetLastError, SearchPathW, GetModuleFileNameA, IsWow64Process, lstrcmpiA
msvcp100.dll
DllMain
msvcr100.dll
DllMain
ole32.dll
CoCreateInstance, CoSetProxyBlanket, CoInitialize, CoUninitialize, CoCreateGuid, StringFromCLSID, CoTaskMemFree, OleRun, CoInitializeSecurity
shell32.dll
ShellExecuteExW, SHGetMalloc, SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteW, SHCreateDirectoryExW, SHGetFolderLocation
shlwapi.dll
PathIsURLW, StrCmpIW
urlmon.dll
URLDownloadToFileW
user32.dll
SetTimer, PostThreadMessageW, DispatchMessageW, TranslateMessage, PostMessageW, KillTimer, DefWindowProcW, DestroyWindow, RegisterClassW, GetMessageW, SetWindowLongW, CreateWindowExW, CharLowerW, wsprintfW, PeekMessageW, MsgWaitForMultipleObjectsEx, CharLowerBuffW
userenv.dll
DestroyEnvironmentBlock, CreateEnvironmentBlock
version.dll
GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
wtsapi32.dll
WTSQuerySessionInformationW, WTSEnumerateSessionsW, WTSFreeMemory

dmwu.exe

By Perion Network Ltd. (Signed)

Remove dmwu.exe
MD5:   81eacb021dc52e908187861fd92370b4
SHA1:   ca5b7c7b7a6ed2cdd926005a2ea505a91a3048db
SHA256:   e22157c4d97c4c941e7557b28080d221707cf8b3584370a66144dddda1aa44e1

What is dmwu.exe?

dmwu.exe is the installation service for Web Optimizer, an ad-supported program. Web Optimizer by Perion Network Ltd. is a web browser extension and browser helper object (BHO) for Internet Explorer and Firefox (extension) and distributed through Perion Networks. The Web Optimizer extension includes a search bar which provides modified search redirection results and a search provider. Web Optimizer will attempt to change the default home page of the user's web browser as well.

Overview

dmwu.exe runs as a service under the name Updater Service (IBUpdaterService) with extensive SYSTEM privileges (full administrator access). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Perion Network Ltd. which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:dmwu.exe
Typical file path:C:\Windows\System32\dmwu.exe
Size:1.1 MB (1,156,400 bytes)
Build date:4/7/2013 11:53 AM
Certificate
Issued to:Perion Network Ltd.
Authority (CA):VeriSign
Effective date:Tuesday, April 24, 2012
Expiration date:Friday, April 24, 2015
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 10.0
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'IBUpdaterService' (Updater Service)
  • WebOptimizer
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\WINDOWS\system32\dmwu.exe'
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 54953

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00021032%
    0.028634%
    Kernel CPU:0.00005112%
    0.013761%
    User CPU:0.00015920%
    0.014873%
    Kernel CPU time:16,115 ms/min
    100,923,805ms/min
    Memory
    Private memory:11.45 MB
    21.59 MB
    Private (maximum):14.52 MB
    Private (minimum):8.48 MB
    Non-paged memory:11.45 MB
    21.59 MB
    Virtual memory:82.46 MB
    140.96 MB
    Virtual memory (peak):90.61 MB
    169.69 MB
    Working set:13.73 MB
    18.61 MB
    Working set (peak):14.69 MB
    37.95 MB
    Resource allocations
    Threads:13
    12
    Handles:536
    600

    BehaviorsProcess properties

    Integrety level:System
    Platform:32-bit
    Command line:C:\Windows\System32\dmwu.exe
    Owner:SYSTEM
    Windows Service
    Service name:IBUpdaterService
    Display name:Updater Service
    Description:“Updater Service”
    Type:Win32OwnProcess
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    sechost.dll
    Total CPU:0.01571216%
    0.272967%
    Kernel CPU:0.01376737%
    0.107585%
    User CPU:0.00194478%
    0.165382%
    CPU cycles:2,207,476/sec
    5,741,424/sec
    Context switches:1/sec
    79/sec
    Memory:100 KB
    1.16 MB
    dmwu.exe (main module)
    Total CPU:0.00002099%
    Kernel CPU:0.00001399%
    User CPU:0.00000700%
    CPU cycles:474/sec
    Memory:1.11 MB
    ntdll.dll
    Total CPU:0.00001399%
    Kernel CPU:0.00001399%
    User CPU:0.00000000%
    CPU cycles:3,471/sec
    Memory:1.23 MB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Ultimate 30.00%
    Windows 7 Home Premium 24.29%
    Microsoft Windows XP 17.14%
    Windows 7 Professional 10.00%
    Windows 8 5.71%
    Windows Vista Home Premium 5.71%
    Windows 8 Single Language 2.86%
    Windows 8.1 Pro with Media Center 1.43%
    Windows 8 Pro 1.43%
    Windows 8 Release Preview 1.43%

    Distribution by countryDistribution by country

    United States installs about 34.29% of dmwu.exe.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Hewlett-Packard 28.81%
    Acer 23.73%
    Toshiba 16.95%
    Sony 10.17%
    Dell 10.17%
    MSI 3.39%
    ASUS 3.39%
    GIGABYTE 3.39%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE