offreg.dll

• File Path: C:\Windows\system32\offreg.dll
• Description: Offline registry DLL

Hashes

Type	Hash
MD5	1083DF4F9423751F6C107E1BAAE2501B
SHA1	6B7BEDE60A96319DCE8042DD889192CE33DE7243
SHA256	A08DB8AE56C878B092DC1CA87588B7FA33AB3AD6D3EDC5A4CBC781727FF15972
SHA384	241EA51BEED0C2D699177A8A0306686F084089DF18DCA31DE895F4C325CF03970F403C0DA6EF34BE367AF640431701D7
SHA512	F3C2FBBCCCE259F866005EAAF531B8860912DBA59C559A5CF3490B9D77F3F6B70BD20308AFD937851E989274164DFBFC3F366CF0D85A7CC4BA094F6D183385D4
SSDEEP	1536:OpiyhaV2nOnURVQJg3ukah37IyeHvNIYICV:OpYUOURVKJOyyI5u
IMP	5B4A59596C84BEFAAFD2C960EFA97383
PESHA1	7FDC5C5FB64FB2BAD276AADD6E10029DEB131726
PE256	B0B904491C4D7D84F2852FA641F9E9732FB14D1A1E6901D8F1BD60EEE0597846

DLL Exports:

Function Name	Ordinal	Type
OROpenHiveByHandle	15	Exported Function
OROpenKey	16	Exported Function
OROpenHive	14	Exported Function
ORGetVirtualFlags	12	Exported Function
ORMergeHives	13	Exported Function
ORQueryInfoKey	17	Exported Function
ORSetValue	21	Exported Function
ORSetVirtualFlags	22	Exported Function
ORSetKeySecurity	20	Exported Function
ORRenameKey	18	Exported Function
ORSaveHive	19	Exported Function
ORCreateKey	4	Exported Function
ORDeleteKey	5	Exported Function
ORCreateHive	3	Exported Function
ORCloseHive	1	Exported Function
ORCloseKey	2	Exported Function
ORDeleteValue	6	Exported Function
ORGetValue	10	Exported Function
ORGetVersion	11	Exported Function
ORGetKeySecurity	9	Exported Function
OREnumKey	7	Exported Function
OREnumValue	8	Exported Function

Signature

• Status: Signature verified.
• Serial: 330000023241FB59996DCC4DFF000000000232
• Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: offreg.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/71
• VirusTotal Link: https://www.virustotal.com/gui/file/a08db8ae56c878b092dc1ca87588b7fa33ab3ad6d3edc5a4cbc781727ff15972/detection/

MIT License. Copyright (c) 2020-2021 Strontic.