MicrosoftEdgeUpdateComRegisterShell64.exe

  • File Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.135.29\MicrosoftEdgeUpdateComRegisterShell64.exe
  • Description: Microsoft Edge Update COM Registration Helper

Hashes

Type Hash
MD5 E0188132FBF54FE58C556B7F42C726E0
SHA1 1F5E569058894D6953CD50B58CC7541D8B40AC10
SHA256 F6FF5ADFE17B07D48613229FFD187CCE2C7677AE7BCF38DAA77ED7E158CD2BC2
SHA384 EE6A78A831AAF2E603B9DBD05F80956DD87FE74B600425778AA8406C97C97D9BB411D12E04FECB3847E55C2F8C5BB4D1
SHA512 4C5ED1BB7388E818DEE3BFC2E7ABF6242A9209C8E584B76FD9EFFDE227D86D0C0DF71989408D788F2B760B6F70670A3ECC817DE81982C4C971A092891042C28B
SSDEEP 3072:2RILGhUoHYhwTlMWTmuk3K5VGjCJoY46Hd6n3o9X9gm:2IAVHYh6llnk3AohWvN
IMP 00DCE297A9678A6F6ED1B33E5EFD46E7
PESHA1 30A2CB4127C774210655739C6FAA908BE5290D8D
PE256 A445ADD835FD4958F2A253E3C52D80D61BC580384E6ED79C16289A448E225DAA

Runtime Data

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.135.29\MicrosoftEdgeUpdateComRegisterShell64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\SHLWAPI.dll

Signature

  • Status: Signature verified.
  • Serial: 330000018B4CB8EB9D8F8AC0E900000000018B
  • Thumbprint: 345924CFF734F83EA95D3A1C022F438C030CC197
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: MicrosoftEdgeUpdateComRegisterShell64.exe
  • Product Name: Microsoft Edge Update
  • Company Name: Microsoft Corporation
  • File Version: 1.3.135.29
  • Product Version: 1.3.135.29
  • Language: English (United States)
  • Legal Copyright: Copyright Microsoft Corporation
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/f6ff5adfe17b07d48613229ffd187cce2c7677ae7bcf38daa77ed7e158cd2bc2/detection/

Possible Misuse

The following table contains possible examples of MicrosoftEdgeUpdateComRegisterShell64.exe being misused. While MicrosoftEdgeUpdateComRegisterShell64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | registry_event_persistence_search_order.yml | Image\|endswith: '\MicrosoftEdgeUpdateComRegisterShell64.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.