regedt32.exe

  • File Path: C:\windows\system32\regedt32.exe
  • Description: Registry Editor Utility

Hashes

  • MD5: 97FE25D7BEF50046D84FDE5EF6D16245
  • SHA1: 9741B3E1B5339B2E1235DA06D1E24E133FA54915
  • SHA256: 1E6361D657ED6A3D2B20C8FA71D2A04E6117B7109A8C1C21D7C510F0965BE181
  • SHA384: 082BE5AD3EFE0B151BD5A6E44EE224926A6D55A2075B5527DF052B575FC727C54ECBF68B649E6BDC0B9B33F0360A11D4
  • SHA512: D6D1C7404DA683ECF4F47D569EE35F996BD8859E1D4BEA8E901BC1D884AE080D9D93D714D83B0B9142CE547CF79574CF25D463DBA85916A83134576E714B5FA1
  • SSDEEP: 192:BOP5p7XksF1Bp+JMCyejA7pM+Y0WpxWCg:Qp70srmRA7e0WpxWCg

Signature

  • Status: The file C:\windows\system32\regedt32.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial:
  • Thumbprint:
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: regedt32.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: signature-base
  • Source File: apt_grizzlybear_uscert.yar
  • Example: $a3 = "regedt32.exe" wide nocase
  • License: CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.