ResetEngine.exe

File Path: C:\Windows\system32\ResetEngine.exe
Description: Push-Button Reset Engine

Hashes

Type	Hash
MD5	`5D20EF28D0B222CA57F47524F2D3E8C0`
SHA1	`D02A33A2E1BABAE5C7FF753800B5AD1C930A708C`
SHA256	`E91DE86C7BE50A588EFFA24707B2EFC4D51A7728C8D1DB281F5334B34284AE67`
SHA384	`817C584A1F71CCC73B0ABBE524107F3E617E4F6BAD02ACBB32263E5CCDF3CAF79AB6484B64850ED251F87675B53C3C91`
SHA512	`239FBDB12F9E762B1E752418030D0FD972EF0C4342B6A302CBCA91101554F12630418C600329D47A663A65DB91875A85B1414B5BDE9F517C47AF98EC06145622`
SSDEEP	`384:d3lfHLUNi4m1mglACsRW3eWsr6wDDBRJ6imfklIc9Q2:TrCvglhsOsr6wD1P7Q2`
IMP	`D1CCC9D0A0240603DC3279F82F80F8D3`
PESHA1	`35099986A419B5DCDB4F05058CB205AB936FDF0A`
PE256	`9645C0A39EA595FCC1DA453FCD27485EC7BC2DDDB1947D2397C19C5128BF326D`

Runtime Data

Child Processes:

csrss.exe winlogon.exe

Loaded Modules:

Path
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\ResetEngine.exe
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: RESETENGINE.EXE
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.630 (WinBuild.160101.0800)
Product Version: 10.0.19041.630
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/76
VirusTotal Link: https://www.virustotal.com/gui/file/e91de86c7be50a588effa24707b2efc4d51a7728c8d1db281f5334b34284ae67/detection

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.dll	35
C:\Windows\system32\DeviceCensus.exe	33
C:\Windows\system32\LocationFrameworkPS.dll	43
C:\Windows\system32\migwiz\migres.dll	35
C:\Windows\system32\ResetEngine.exe	57
C:\Windows\system32\ResetEngine.exe	50
C:\Windows\system32\ResetEngine.exe	58
C:\Windows\system32\ScriptRunner.exe	35
C:\Windows\system32\ScriptRunner.exe	41
C:\Windows\system32\SysResetErr.exe	35
C:\Windows\system32\WerEnc.dll	38
C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe	32
C:\Windows\SysWOW64\backgroundTaskHost.exe	35
C:\Windows\SysWOW64\dllhost.exe	29
C:\Windows\SysWOW64\WerEnc.dll	38

MIT License. Copyright (c) 2020-2021 Strontic.