TpmInit.exe

  • File Path: C:\Windows\system32\TpmInit.exe
  • Description: TPM Initialization Wizard

Screenshot

TpmInit.exe TpmInit.exe

Hashes

Type Hash
MD5 2EF855672A91AA4443E8B4C2E1AE278E
SHA1 2AB65EA700C05450A48F3842DBC4E7D65C346317
SHA256 06210A3296CFAD3AF92253BF998536BA1786A8799BB4CAB80CCDF3DDE30F0E66
SHA384 A4A8E2CEE94DEAD179C790E308FD697694C4DF8322F48452B4247F0D2BED5799A5D559CC065E990D3066FDAB7117E2E3
SHA512 E5674153D4B8F82B1944C99B89064FC277171737806D8602BDE243F50012CC8BCBDC47B75F48485CC35008BA702796F88B23DF31C4E020BB28C10754C2E253C8
SSDEEP 1536:TcI7HDs/dfHDh6XcnkYXFT70JLNuuGiceY0lA3CJHkxUM:T+/dfHQXcnV+JLNNPYfSFkx1
IMP CB0FB4D269B59D4F60F985CCD3A90C83
PESHA1 6CD2F17F074C0135C97BA645AB904CC0AB6644F2
PE256 FFCAD6B0E8C9050CFB0B0459E3917DA82E08E41B2412636FF1495F03C824091D

Runtime Data

Window Title:

Manage the TPM security hardware

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\netmsg.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\TpmInit.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\system32\TpmInit.exe
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TpmInit.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/06210a3296cfad3af92253bf998536ba1786a8799bb4cab80ccdf3dde30f0e66/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\tpmcompc.dll 54
C:\WINDOWS\system32\TpmInit.exe 46
C:\Windows\system32\TpmInit.exe 52
C:\Windows\system32\TpmInit.exe 47
C:\WINDOWS\system32\TpmInit.exe 57
C:\windows\system32\TpmInit.exe 38
C:\Windows\SysWOW64\tpmcompc.dll 49
C:\WINDOWS\SysWOW64\TpmInit.exe 47
C:\Windows\SysWOW64\TpmInit.exe 54
C:\Windows\SysWOW64\TpmInit.exe 52
C:\WINDOWS\SysWOW64\TpmInit.exe 52
C:\windows\SysWOW64\TpmInit.exe 49
C:\Windows\SysWOW64\TpmInit.exe 41

Possible Misuse

The following table contains possible examples of TpmInit.exe being misused. While TpmInit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .TpmInit.EXE``{:.highlight .language-cmhg} © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.