regedt32.exe

  • File Path: C:\Windows\system32\regedt32.exe
  • Description: Registry Editor Utility

Hashes

Type Hash
MD5 0FB25FCF2B4394A2F284E9177D759E5D
SHA1 42F80C7EAF11EF8B273219016E3FD4185F82E797
SHA256 22B4CD68F04B2494150715E9D2C0ECEFD8BE146FE37B764DA97DA7A1CEE8BEA5
SHA384 1A46CFB4A5A6CB7AA84D4A4195944C1D3F583EF74F74F35DCA3008F074DA084A698E3A14D5788873B840827F6EAF07C5
SHA512 5B22E4FD9C04CBF1DECD8F0D0E1402943708E331DA1CDE909D875070A88949325A89ECBB8025C2194EC97C0B31A39EE91BC6F82C8D90B5C58223D6149DF2EA92
SSDEEP 192:XPil/ux2Z59T7/BgTopR5TY46mCTr1i6Ohx9IVqMWkxW:SU2fte8pRJRC31iDdMWkxW

Runtime Data

Child Processes:

regedit.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001733031072665B8B9B3000000000173
  • Thumbprint: 14590DC5C3AAF238FCFD7785B4B93F4071402C34
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: regedt32.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_grizzlybear_uscert.yar | $a3 = "regedt32.exe" wide nocase | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.