TpmInit.exe

  • File Path: C:\WINDOWS\SysWOW64\TpmInit.exe
  • Description: TPM Initialization Wizard

Runtime Data

Window Title:

Manage the TPM security hardware

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\netmsg.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\TpmInit.exe.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_b335b4dbed333454\comctl32.dll.mui File
(RW-) C:\Windows File
(RW-) C:\Windows\SysWOW64 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_b335b4dbed333454 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\TpmInit.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TpmInit.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/a646c2a9e7246e05738cd5570ed8fadb49b7f9822833ab8c1107aec540ab3d96/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\tpmcompc.dll 63
C:\WINDOWS\system32\TpmInit.exe 52
C:\Windows\system32\TpmInit.exe 52
C:\Windows\system32\TpmInit.exe 58
C:\Windows\system32\TpmInit.exe 47
C:\WINDOWS\system32\TpmInit.exe 55
C:\windows\system32\TpmInit.exe 36
C:\Windows\SysWOW64\tpmcompc.dll 61
C:\WINDOWS\SysWOW64\TpmInit.exe 54
C:\Windows\SysWOW64\TpmInit.exe 55
C:\Windows\SysWOW64\TpmInit.exe 65
C:\windows\SysWOW64\TpmInit.exe 49
C:\Windows\SysWOW64\TpmInit.exe 44

Possible Misuse

The following table contains possible examples of TpmInit.exe being misused. While TpmInit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .TpmInit.EXE | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.