TpmInit.exe

  • File Path: C:\Windows\SysWOW64\TpmInit.exe
  • Description: TPM Initialization Wizard

Hashes

Type Hash
MD5 22A202B729CB70DF605D7E81D77B9B41
SHA1 6EDACF84D5512EF4F6DFEA78B60ADD7C91D3F7DF
SHA256 EA80B5FC2CC98EEA5376F3EF1B1DE3C447550AE5EE3C7CC8DFBBE9310C288880
SHA384 B2E114624AB4A690612C53F9A17FB16020284912FA165F37B38B722FD897C3BDC43C974DE6656024FBDC47C12F69D55E
SHA512 E15F456A4D299AFF33F2FDEE760DCA39A2D31397BB470FDCCDA6BDA2A1CAF408782A82CD2075C1F0E1B933FBCC6BBA621319911EE0CC333616D94886DC425B09
SSDEEP 1536:yUeflox5+Z7nUrwZliuuGiceY0lA3CJHkxUMK:nedox5+Z7nULNPYfSFkx1K
IMP 80D512028EB708EE52E1A6F4BAB6259F
PESHA1 EB59E33C262A27C02E1759D8E6F61073E98EC683
PE256 C420F6543D27A7B0BE8A11FDDAFAC9C061517008883EA860DB49AC897B855D55

Runtime Data

Window Title:

Manage the TPM security hardware

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\netmsg.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\TpmInit.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_130e63d987a738df\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_130e63d987a738df File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\TpmInit.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TpmInit.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/ea80b5fc2cc98eea5376f3ef1b1de3c447550ae5ee3c7cc8dfbbe9310c288880/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\tpmcompc.dll 60
C:\Windows\system32\TpmInit.exe 54
C:\Windows\system32\TpmInit.exe 55
C:\Windows\system32\TpmInit.exe 50
C:\WINDOWS\system32\TpmInit.exe 55
C:\windows\system32\TpmInit.exe 33
C:\Windows\SysWOW64\tpmcompc.dll 54
C:\WINDOWS\SysWOW64\TpmInit.exe 50
C:\Windows\SysWOW64\TpmInit.exe 60
C:\windows\SysWOW64\TpmInit.exe 50
C:\Windows\SysWOW64\TpmInit.exe 43

Possible Misuse

The following table contains possible examples of TpmInit.exe being misused. While TpmInit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .TpmInit.EXE © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.