regedt32.exe

  • File Path: C:\Windows\SysWOW64\regedt32.exe
  • Description: Registry Editor Utility

Hashes

| Type | Hash |
|------|------|
| MD5 | 45E64C8B5EBBBDCB238DFA04D8BD766B |
| SHA1 | 090E4AFB9A2B80C7D59CFCFDB62824118C1385CC |
| SHA256 | B9737529CF058D4F381D645F688396ABEE74EDD9FB87B033475C22DD9BA05B4D |
| SHA384 | D8A5C77BF6097EDF801207A3B4EAE82449015480F39EE9C89AF1C25887213B0FF3D279216F6E8FD7E9EBAE96FA8BEBE2 |
| SHA512 | 3FFBEBEB5999BAE8FA6C8E693591F9D0AD28B3CE338C3B231D3230558B77AF9B7F406414110EDB9C8C3DD156987C9FC9C8038199C526FE48AF8BB9F268E915AB |
| SSDEEP | 192:ZUGV9X0+i2Ro4yTd50lFoYhfkmMWkxWM:So9X0+q4kS2YfMWkxW |

Runtime Data

Child Processes:

regedit.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001733031072665B8B9B3000000000173
  • Thumbprint: 14590DC5C3AAF238FCFD7785B4B93F4071402C34
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: regedt32.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| signature-base | apt_grizzlybear_uscert.yar | `$a3 = "regedt32.exe" wide nocase` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.