• File Path: C:\windows\SysWOW64\TCPSVCS.EXE
  • Description: TCP/IP Services Application


Type Hash
MD5 F739210482F186F229769DC74560579E
SHA1 8E3E5435E846005139D3BB3FDF3599137FDD3C38
SHA256 001232C77BBC2EED3DD40533222E0662E94137EB5A3340123BB2B191AE5226EA
SHA384 5265A9E4AF940068F739AE8E2C75712BD8C8D2E054C36B08ACF04FF52763F567A89216A06196179F0FFD3AF962598111
SHA512 20655074985ABC964B8271F8965007B465361DED5A6F24893BEB3960CD8C35205672B769298430AD32104834574DF1FEA4C39B27A79805EEE43CCC05A02E4CEF
SSDEEP 192:jF0o+aN4XzTy3TLVo+I+mB94OS4iSUJOp1yK8WQ/WYmE:jF0odN4XzTyjpoZZeOUJOpz8WQ/W6


  • Status: The file C:\windows\SysWOW64\TCPSVCS.EXE is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: TCPSVCS.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of TCPSVCS.EXE being misused. While TCPSVCS.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base thor-hacktools.yar $s2 = “tcpsvcs.exe” fullword wide CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.