TpmInit.exe

  • File Path: C:\Windows\SysWOW64\TpmInit.exe
  • Description: TPM Initialization Wizard

Runtime Data

Window Title:

Manage the TPM security hardware

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\imageres.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\TpmInit.exe.mui File
(R-D) C:\Windows\System32\netmsg.dll File
(R-D) C:\Windows\SysWOW64\en-US\netmsg.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_3c26ab8c9470805a\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_3c26ab8c9470805a File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_261b62a767ca4e6d File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\RPC Control\DSECFAC Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\TpmInit.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TpmInit.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/2a7081195acf53b272040bd4f232691b626b522123d3fe402fca91b3fd64f158/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\tpmcompc.dll 66
C:\WINDOWS\system32\TpmInit.exe 50
C:\Windows\system32\TpmInit.exe 52
C:\Windows\system32\TpmInit.exe 60
C:\Windows\system32\TpmInit.exe 52
C:\WINDOWS\system32\TpmInit.exe 54
C:\windows\system32\TpmInit.exe 38
C:\Windows\SysWOW64\tpmcompc.dll 60
C:\WINDOWS\SysWOW64\TpmInit.exe 54
C:\Windows\SysWOW64\TpmInit.exe 60
C:\WINDOWS\SysWOW64\TpmInit.exe 65
C:\windows\SysWOW64\TpmInit.exe 49
C:\Windows\SysWOW64\TpmInit.exe 50

Possible Misuse

The following table contains possible examples of TpmInit.exe being misused. While TpmInit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .TpmInit.EXE | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.