Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.55%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.10%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.05%
6.2.9200.16384 (win8_rtm.120725-1247) 2.47%
6.2.9200.16384 (win8_rtm.120725-1247) 14.12%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.10%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.05%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.10%
6.1.7600.16385 (win7_rtm.090713-1255) 24.90%
6.1.7600.16385 (win7_rtm.090713-1255) 44.10%
6.0.6000.16386 (vista_rtm.061101-2205) 7.21%
6.0.6000.16386 (vista_rtm.061101-2205) 1.50%
6.0.6000.16386 (vista_rtm.061101-2205) 0.39%
6.0.6000.16386 (vista_rtm.061101-2205) 0.05%

Relationships

Child processes
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, RegOpenKeyW, LsaGetUserName, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, CheckTokenMembership, RevertToSelf, ImpersonateLoggedOnUser, EqualSid, GetTokenInformation, DeregisterEventSource, RegisterEventSourceW, RegEnumValueW, RegQueryInfoKeyW, RegQueryInfoKeyA, RegQueryValueExA, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, OpenSCManagerW, OpenServiceW, QueryServiceStatus, NotifyServiceStatusChangeW, CloseServiceHandle, NotifyBootConfigStatus, OpenProcessToken, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, CreateProcessAsUserW, DuplicateTokenEx, I_ScSendTSMessage, ReportEventW, SetNamedSecurityInfoW, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetTimeFormatW
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
GetLastError, SetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetLastError, UnhandledExceptionFilter, SetErrorMode, SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-1.dll
FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, CreateFileW, CreateDirectoryW, GetShortPathNameW, FileTimeToSystemTime, FindFirstFileW, ReadFile, FindClose, GetFileAttributesW
api-ms-win-core-file-l1-2-0.dll
GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, FindFirstVolumeW, CreateFileW, CreateDirectoryW, GetShortPathNameW, FindFirstFileW, ReadFile, FindClose, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
DeleteFileW, FindNextVolumeW, FindVolumeClose, GetDriveTypeW, ReadFile, CreateFileW, CreateDirectoryW, FindClose, FindFirstVolumeW, FindFirstFileW, GetFileAttributesW, GetShortPathNameW
api-ms-win-core-file-l2-1-0.dll
MoveFileExW
api-ms-win-core-file-l2-1-1.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapSetInformation, HeapDestroy, HeapCreate, HeapFree, GetProcessHeap, HeapAlloc
api-ms-win-core-heap-l1-2-0.dll
HeapCreate, GetProcessHeap, HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree, LocalReAlloc, LocalSize
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-kernel32-legacy-l1-1-0.dll
WTSGetActiveConsoleSessionId, GetStartupInfoA
api-ms-win-core-kernel32-legacy-l1-1-1.dll
GetStartupInfoA, WTSGetActiveConsoleSessionId
api-ms-win-core-libraryloader-l1-1-1.dll
GetProcAddress, FindResourceExW, LoadLibraryExW, GetModuleHandleW, GetModuleHandleA, LoadResource, FreeLibrary, LockResource
api-ms-win-core-libraryloader-l1-2-0.dll
LoadLibraryExW, GetModuleHandleA, LoadResource, FindResourceExW, GetModuleHandleW, LockResource, FreeLibrary, GetProcAddress
api-ms-win-core-localregistry-l1-1-0.dll
RegDeleteValueW, RegQueryValueExA, RegQueryInfoKeyA, RegQueryInfoKeyW, RegEnumValueW, RegGetValueW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey
api-ms-win-core-processenvironment-l1-1-0.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-1-1.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW, SetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1.dll
SetThreadPriority, OpenProcess, GetCurrentProcess, SetPriorityClass, OpenProcessToken, TerminateProcess, GetCurrentThreadId, CreateProcessAsUserW, CreateRemoteThread, CreateThread, ResumeThread, GetExitCodeProcess, CreateProcessW, GetCurrentThread, GetCurrentProcessId, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateThread, InitializeProcThreadAttributeList, GetCurrentProcess, SetThreadPriority, GetCurrentThread, GetExitCodeProcess, GetCurrentProcessId, ResumeThread, SetPriorityClass, CreateRemoteThread, OpenProcessToken, CreateProcessW, OpenProcess, CreateProcessAsUserW, TerminateProcess, GetCurrentThreadId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-obsolete-l1-1-0.dll
K32GetModuleFileNameExW
api-ms-win-core-registry-l1-1-0.dll
RegEnumValueW, RegDeleteTreeW, RegOpenKeyExW, RegGetValueW, RegCloseKey, RegQueryValueExW, RegQueryValueExA, RegSetValueExW, RegDeleteValueW, RegQueryInfoKeyA, RegQueryInfoKeyW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-1-1.dll
WaitForSingleObjectEx, TryEnterCriticalSection, Sleep, SetEvent, CreateEventW, InitializeCriticalSection, LeaveCriticalSection, ResetEvent, DeleteCriticalSection, EnterCriticalSection, SleepEx, WaitForMultipleObjectsEx, WaitForSingleObject
api-ms-win-core-synch-l1-2-0.dll
ResetEvent, CreateEventW, SetEvent, WaitForSingleObjectEx, InitializeCriticalSection, LeaveCriticalSection, SleepEx, DeleteCriticalSection, TryEnterCriticalSection, WaitForMultipleObjectsEx, EnterCriticalSection, Sleep, WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, SystemTimeToFileTime, GetVersionExW, GetComputerNameExW, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetComputerNameExW, GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, GetTickCount, GetVersionExW
api-ms-win-core-sysinfo-l1-2-1.dll
GetWindowsDirectoryW, GetComputerNameExW, GetSystemTimeAsFileTime, GetTickCount, GetLocalTime, GetVersionExW
api-ms-win-core-threadpool-l1-1-1.dll
CreateTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-threadpool-legacy-l1-1-0.dll
QueueUserWorkItem, DeleteTimerQueueTimer, CreateTimerQueueTimer
api-ms-win-core-timezone-l1-1-0.dll
SystemTimeToFileTime, FileTimeToSystemTime
api-ms-win-core-version-l1-1-0.dll
GetFileVersionInfoSizeExW, GetFileVersionInfoExW, VerQueryValueW
api-ms-win-eventing-controller-l1-1-0.dll
StartTraceW, ControlTraceW, EnableTraceEx2
api-ms-win-legacy-kernel32-l1-1-0.dll
GetStartupInfoA
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalFree, LocalAlloc, lstrlenW, lstrcmpiW
api-ms-win-security-base-l1-1-0.dll
ImpersonateLoggedOnUser, EqualSid, RevertToSelf, GetTokenInformation, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, SetFileSecurityW, GetSecurityDescriptorSacl, CheckTokenMembership, GetSecurityDescriptorDacl, CreateWellKnownSid, SetTokenInformation, DuplicateTokenEx, GetSecurityDescriptorGroup
api-ms-win-security-base-l1-2-0.dll
ImpersonateLoggedOnUser, EqualSid, GetSecurityDescriptorOwner, GetSecurityDescriptorControl, SetFileSecurityW, CheckTokenMembership, CreateWellKnownSid, SetTokenInformation, GetSecurityDescriptorSacl, DuplicateTokenEx, GetSecurityDescriptorDacl, RevertToSelf, GetTokenInformation, GetSecurityDescriptorGroup
api-ms-win-security-lsalookup-l1-1-0.dll
LookupAccountSidLocalW
kernel32.dll
SetEvent, CreateTimerQueueTimer, SetErrorMode, GetTickCount, GetWindowsDirectoryW, FindFirstFileW, FindClose, HeapSetInformation, CreateProcessW, InterlockedExchange, CreateThread, SleepEx, GetCurrentProcessId, SetThreadExecutionState, Sleep, ResetEvent, WaitForSingleObject, QueueUserWorkItem, WaitForSingleObjectEx, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, LoadLibraryW, GetProcAddress, GetFileAttributesW, SetTimerQueueTimer, OpenProcess, GetModuleHandleW, CreateRemoteThread, ResumeThread, DeleteTimerQueueTimer, RegDeleteTreeW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, MoveFileExW, LocalSize, LocalReAlloc, FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, lstrcmpiW, GetShortPathNameW, CreateFileW, LocalAlloc, ReadFile, CreateDirectoryW, LocalFree, SetLastError, lstrlenW, GetVersionExW, CreateEventW, GetDateFormatW, GetTimeFormatW, FileTimeToSystemTime, SystemTimeToFileTime, GetLocalTime, LockResource, LoadResource, FindResourceExW, GetProcessHeap, FreeLibrary, GetComputerNameW, SetEnvironmentVariableW, GetLastError, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, GetExitCodeProcess, CloseHandle, WaitForMultipleObjectsEx, ExpandEnvironmentStringsW, GetSystemDirectoryW, LoadLibraryA
msvcrt.dll
DllMain
ntdll.dll
RtlNtStatusToDosError, RtlInitUnicodeString, NtShutdownSystem, RtlDeregisterWaitEx, RtlFreeHeap, RtlAllocateHeap, EtwEventEnabled, EtwEventWrite, EtwEventUnregister, EtwEventRegister, NtOpenProcessToken, RtlRemovePrivileges, NtClose, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage, RtlRegisterWait, RtlDestroyEnvironment, NtSetValueKey, NtReplyPort, NtCreateKey, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtAllocateLocallyUniqueId, TpSimpleTryPost, RtlFreeSid, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlUnhandledExceptionFilter, NtQueryInformationProcess, NtQuerySystemInformation, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareUnicodeString, NtPrivilegeObjectAuditAlarm, EtwEventWriteEndScenario, EtwEventWriteStartScenario, EtwEventActivityIdControl, NtPrivilegeCheck, NtOpenThreadToken, RtlAllocateAndInitializeSid, RtlInitializeCriticalSection, NtQueryInformationToken, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeStringEx, RtlCreateEnvironment, NtCreateEvent, RtlAdjustPrivilege, NtSystemDebugControl, NtCompleteConnectPort, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, DbgBreakPoint, RtlConnectToSm, RtlSendMsgToSm, NtDelayExecution, RtlDeregisterWait, NtPowerInformation, NtSetThreadExecutionState, NtSetInformationProcess, WinSqmAddToStream, WinSqmIsOptedIn, CsrClientCallServer, NtQuerySystemEnvironmentValueEx
rpcrt4.dll
RpcBindingFree, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcBindingServerFromClient, RpcRevertToSelf, RpcImpersonateClient, RpcServerInqCallAttributesW, RpcServerListen, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcExceptionFilter, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcStringFreeW, RpcServerInqBindings, UuidFromStringW, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree, NdrAsyncServerCall, RpcServerTestCancel, RpcAsyncAbortCall, I_RpcBindingIsClientLocal, NdrAsyncClientCall, RpcBindingCopy, RpcBindingCreateW, RpcBindingBind, RpcServerUseProtseqW, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingUnbind, NdrClientCall2, NdrServerCall2, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcMgmtIsServerListening
user32.dll
SetWindowStationUser, SwitchDesktopWithFade, LoadLocalFonts, SetWindowsHookExW, RegisterLogonProcess, SetProcessWindowStation, CreateDesktopW, CloseDesktop, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, UpdatePerUserSystemParameters, RecordShutdownReason, GetAsyncKeyState, ExitWindowsEx, UnhookWindowsHookEx, SetThreadDesktop, CreateWindowStationW
userenv.dll
GetAllUsersProfileDirectoryW, GetUserProfileDirectoryW

wininit.exe

Windows Start-Up Application by Microsoft

Remove wininit.exe
Version:   6.2.8102.0 (winmain_win8m3.110823-1455)
MD5:   cadd6f1692b419c2820fc4c61cd2dcaa
SHA1:   d3d4333b0791a5943c6088538b5dd81ebc4e2402
SHA256:   a48f22c175a91b06a699342790481ef3ca42c552b5d3385e4120522d241ff70f
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wininit.exe?

The Wininit file is an .ini file that lists all of the changes to be made to Windows when you restart the computer after installing a program. The Wininit.exe file is the program file that starts the .ini file. It can be run only when the computer restarts so that the changes can be made while Windows is not running.

Overview

wininit.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This version is installed on Windows 8 and is compiled as a 32 bit program.

DetailsDetails

File name:wininit.exe
Publisher:Microsoft Corporation
Product name:Windows Start-Up Application
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\wininit.exe
Original name:WinInit.exe.mui
File version:6.2.8102.0 (winmain_win8m3.110823-1455)
Product version:6.2.8102.0
Size:95.5 KB (97,792 bytes)
Build date:8/24/2011 5:58 AM
Digital DNA
Entropy:6.266439
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Windows\system32\wininit.exe'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00160912%
0.028634%
Kernel CPU:0.00139985%
0.013761%
User CPU:0.00020927%
0.014873%
Kernel CPU time:94 ms/min
100,923,805ms/min
Memory
Private memory:1.06 MB
21.59 MB
Private (maximum):3.54 MB
Private (minimum):3.33 MB
Non-paged memory:1.06 MB
21.59 MB
Virtual memory:45.05 MB
140.96 MB
Virtual memory (peak):75.26 MB
169.69 MB
Working set:3.33 MB
18.61 MB
Working set (peak):3.97 MB
37.95 MB
Resource allocations
Threads:2
12
Handles:105
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:wininit.exe
Owner:SYSTEM

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 33.00%
Windows 8.1 17.50%
Windows 7 Ultimate 14.00%
Windows 8.1 Pro 7.50%
Windows 7 Professional 6.00%
Windows 8.1 Single Language 4.50%
Windows 8 3.50%
Windows 8 Single Language 3.00%
Windows 8 Pro 3.00%
Windows 7 Home Basic 2.50%
Windows 8.1 Pro with Media Center 2.00%
Windows 8 Enterprise N 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows Vista Home Premium 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 44.72% of Windows Start-Up Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 18.97%
ASUS 18.18%
Hewlett-Packard 17.79%
Acer 14.23%
Toshiba 10.28%
Lenovo 8.70%
Sony 3.95%
Intel 2.37%
GIGABYTE 1.98%
Samsung 1.58%
Alienware 1.19%
Medion 0.79%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE