bdechangepin.exe

  • File Path: C:\WINDOWS\system32\bdechangepin.exe
  • Description: BitLocker Drive Encryption: PIN Change Tool

Screenshot

bdechangepin.exe

Hashes

Type Hash
MD5 05FCF704DD7CB4BEF64CA0B4EDDB13FB
SHA1 5A8634B6729EA3A8C660346123A8C0F3AE1C1C21
SHA256 41BB758697AE8CCC2AA21E58535E2D754F5A491EAD6D38EC27A3A1D06757E149
SHA384 651FA0632C0E8D23CC44D184C85CAF47DB5480662E394FF283A9C5C1AC7B53E3D6C60C5904F8E464BACA5BC2BF2838F5
SHA512 CA745BA8EA6386AA008717DDB70A47DC43BB819A527D4138C994EF2138C0DF64E12B937093E40966B3468694B461646B2E8F1EEA1B37D6C47868B72C3BFEA778
SSDEEP 6144:a1v6M9WEYEHVxHEVHHHQVb1kHVqHVqHQQ9T8TXT5ThT2HVfkXTWT6TITQTMVyW1S:alsH+S+
IMP 578D548C63E14150F7D14C386F44EB07
PESHA1 EAB091E8037CD602B29363AFB18E986FCC17898D
PE256 68D198A6E3038A756DD983F772D663644B361FEE84EB1E1F6FEC726FC2F6F5AB

Runtime Data

Window Title:

BitLocker Drive Encryption

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\bdechangepin.exe.mui File
(R-D) C:\Windows\System32\en-US\duser.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_6b887e04d8b70b4e\comctl32.dll.mui File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_en-us_6b887e04d8b70b4e File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\System32\ADVAPI32.dll
C:\WINDOWS\system32\bdechangepin.exe
C:\WINDOWS\System32\combase.dll
C:\WINDOWS\System32\GDI32.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcp_win.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\ole32.dll
C:\WINDOWS\System32\RPCRT4.dll
C:\WINDOWS\System32\sechost.dll
C:\WINDOWS\System32\SHELL32.dll
C:\WINDOWS\System32\ucrtbase.dll
C:\WINDOWS\System32\USER32.dll
C:\WINDOWS\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: bdechangepin.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/41bb758697ae8ccc2aa21e58535e2d754f5a491ead6d38ec27a3a1d06757e149/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\bdechangepin.exe 69
C:\Windows\system32\bdechangepin.exe 83
C:\Windows\system32\bdechangepin.exe 69
C:\Windows\system32\bdechangepin.exe 85
C:\Windows\system32\bdechangepin.exe 85

MIT License. Copyright (c) 2020-2021 Strontic.