regedt32.exe

  • File Path: C:\WINDOWS\system32\regedt32.exe
  • Description: Registry Editor Utility

Hashes

| Type | Hash |
| --- | --- |
| MD5 | A7F7948EAA6287A29805FFD997E4016F |
| SHA1 | 48B292695C42A71A127F4599BFA03BCBA662A3D6 |
| SHA256 | 34DE90AD6602150328E106E4E8279E2F3399A729BFF54C32FAD60B453BC8C718 |
| SHA384 | FAE83124FA64EF2719455102CCB1F24FBABC8520EBE0E53184569240FBE85D5CDAFEDDA0DA810AF7FA615730B94FFC8E |
| SHA512 | 0C2F81845A8908CCD6FF6390EEA50223BD0A2FE2B86A528C716CA8F09BE7BC2FCEB15C1469A4A72AF34C892FB71775A2D1258E5E2E737403D8F0948A37B1F4EE |
| SSDEEP | 192:Iry5FafCNQdQ54KRU7asy+HMqKlsgi6MtU/w80WWxW:vujS2KG7R9gihtX80WWxW |

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: regedt32.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
| --- | --- |
| C:\Windows\system32\regedt32.exe | 60 |

Possible Misuse

The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| signature-base | apt_grizzlybear_uscert.yar | `$a3 = "regedt32.exe" wide nocase` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.