TpmInit.exe

  • File Path: C:\Windows\system32\TpmInit.exe
  • Description: TPM Initialization Wizard

Hashes

Type Hash
MD5 578EF2B7D0C63504C39DD1BF3CADB2A8
SHA1 CAAF8D868E3A1DA26C15A136AFF55ADEA9F82929
SHA256 452CD44F2920387AD9D25E5285A5C70E2D404F96F61AFD48CAF3F0DC04645CEE
SHA384 28063041E8CD5E8DAB05CABF3C40FEA2D90648306F9EB3A1411F53DEE451CFA1D77C974E8E1F11A79B8B0F52A3B94C45
SHA512 CD45DCCC3891185120AD3C2C54281249A9E18AF615FB34C5DDC3A7462668C2D765011EDA0F473627397B4E30037DD1CCD72D0741F650EF430CA861D7F323C140
SSDEEP 1536:X5QXz+MMhkJ101a6HuGiceY0lA3CJHkxUM:GXzuhX1L+PYfSFkx1
IMP CB0FB4D269B59D4F60F985CCD3A90C83
PESHA1 B69E122832297A0AA41D3BD7CD2F05D507A0A30A
PE256 A37BBB4BDC2069461526B0971FEDAB1AFC81B49FA18959C780C98E09683A32AA

Runtime Data

Window Title:

Manage the TPM security hardware

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\imageres.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\netmsg.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\TpmInit.exe.mui File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_f47974b57ff45754\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17763.1518_en-us_f47974b57ff45754 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\RPC Control\DSEC780 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\SYSTEM32\atlthunk.dll
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\clbcatq.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\system32\DUser.dll
C:\Windows\system32\dwmapi.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\MSASN1.dll
C:\Windows\System32\MSCTF.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\system32\OLEACC.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\shlwapi.dll
C:\Windows\System32\TextInputFramework.dll
C:\Windows\system32\TpmInit.exe
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\system32\wbem\fastprox.dll
C:\Windows\system32\wbem\wbemprox.dll
C:\Windows\system32\wbem\wbemsvc.dll
C:\Windows\SYSTEM32\wbemcomn.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll
C:\Windows\system32\WindowsCodecs.dll
C:\Windows\SYSTEM32\wintypes.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: TpmInit.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/452cd44f2920387ad9d25e5285a5c70e2d404f96f61afd48caf3f0dc04645cee/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\tpmcompc.dll 63
C:\WINDOWS\system32\TpmInit.exe 50
C:\Windows\system32\TpmInit.exe 52
C:\Windows\system32\TpmInit.exe 54
C:\WINDOWS\system32\TpmInit.exe 60
C:\windows\system32\TpmInit.exe 44
C:\Windows\SysWOW64\tpmcompc.dll 57
C:\WINDOWS\SysWOW64\TpmInit.exe 54
C:\Windows\SysWOW64\TpmInit.exe 55
C:\Windows\SysWOW64\TpmInit.exe 60
C:\WINDOWS\SysWOW64\TpmInit.exe 58
C:\windows\SysWOW64\TpmInit.exe 47
C:\Windows\SysWOW64\TpmInit.exe 43

Possible Misuse

The following table contains possible examples of TpmInit.exe being misused. While TpmInit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .TpmInit.EXE | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.