TpmInit.exe

  • File Path: C:\WINDOWS\system32\TpmInit.exe
  • Description: TPM Initialization Wizard

Runtime Data

Window Title:

Manage the TPM security hardware

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\netmsg.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\TpmInit.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_6b887e04d8b70b4e\comctl32.dll.mui File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_6b887e04d8b70b4e File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\TpmInit.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TpmInit.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/e7cd2f695718f635328bd990ffa4160da0c2600b989bdc601192c66ac24db38d/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\tpmcompc.dll 47
C:\Windows\system32\TpmInit.exe 46
C:\Windows\system32\TpmInit.exe 50
C:\Windows\system32\TpmInit.exe 47
C:\WINDOWS\system32\TpmInit.exe 49
C:\windows\system32\TpmInit.exe 33
C:\Windows\SysWOW64\tpmcompc.dll 54
C:\WINDOWS\SysWOW64\TpmInit.exe 50
C:\Windows\SysWOW64\TpmInit.exe 49
C:\Windows\SysWOW64\TpmInit.exe 50
C:\WINDOWS\SysWOW64\TpmInit.exe 52
C:\windows\SysWOW64\TpmInit.exe 46
C:\Windows\SysWOW64\TpmInit.exe 40

Possible Misuse

The following table contains possible examples of TpmInit.exe being misused. While TpmInit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .TpmInit.EXE © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.