• File Path: C:\windows\system32\TSTheme.exe
  • Description: TSTheme Server Module


Type Hash
MD5 C9A51BDEC4B4E0B6EF51B64637677D14
SHA1 ADBE4D50AD906E4B1D91299EA97474B4C044E55D
SHA256 DBDF0C85B1A39656E616E428FCEFEDC930761ACC5CF2846BBF8E60610016142A
SHA384 7E4C458DAB42366495F7B17546DDEDB510E0A995E06E3759ADDB663EECAD9A5D5989BBB94FD9FFE121F7C58A9D69C383
SHA512 1873DBFFB61C74B1B5FAF912E5B72FC9548D296D15CE44F05C4484089D15D312C13BFA8CD710DD486483099225447679DB44D7A7F4C411FFE0FE4116B2334E58
SSDEEP 768:svR55wNJP6dZm6i8XrU/mITGfJ6ZDYh+dHKnag9Y9mv2:yW6zVU/5bdqP9Y9mv2


  • Status: The file C:\windows\system32\TSTheme.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial:
  • Thumbprint:
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: TSThemeS.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of TSTheme.exe being misused. While TSTheme.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | sysmon_suspicious_remote_thread.yml | `- '\tstheme.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.