regedt32.exe

  • File Path: C:\windows\SysWOW64\regedt32.exe
  • Description: Registry Editor Utility

Hashes

Type Hash
MD5 81B05E9BC8632CE42CA0DA7615F27B9F
SHA1 0BCF47AE7ECA9203FD4D5DFDCAF833AF677E8723
SHA256 066151EA27DA27CA88B05235E0B917E4ABFCD0544BEAB1B2ED24E1724C48AB8D
SHA384 BA07F3E7459A0CB4D657CA2AA8BA207F3FE03FC57A66D29F4E228ABE33F32B138174557F8223CF292E1CAE36C9F22336
SHA512 542D568B25461F55338992672AD5102E2314D00E01DB2953A564016A34EA7E8C6BE395308F7F29A4B584803F3F6F6F3F56818911E004BA34B443A4B11C1BBC31
SSDEEP 96:ZhDtmfaKIBXeDNn0c8iyIRoYnfY0DWPTceQO0RmvB8OOBFp3ew+DJFMVWtEW3ZhK:2kXyqCRokCTxPvB8OOBFp39U0WpxWT

Signature

  • Status: The file C:\windows\SysWOW64\regedt32.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: regedt32.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: signature-base
  • Source File: apt_grizzlybear_uscert.yar
  • Example: $a3 = "regedt32.exe" wide nocase
  • License: CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.