regedt32.exe

  • File Path: C:\WINDOWS\SysWOW64\regedt32.exe
  • Description: Registry Editor Utility

Hashes

Type Hash
MD5 AB3AAE0581AD23B9BE3415717117763A
SHA1 3BF19839E3326F8BC4BBBC9A68899843C2E9E7EE
SHA256 D3008DAE96877D54BE410280B6C8ED7D8ACAB7E73C864AB1E3DE2AA434AD8AFE
SHA384 7AFDF1235A24ABA6495C92D493000768A2A184C7464C52F24D685139582DB3D4680D1C6975B7834B83D612798D8333DC
SHA512 651CEDB00B4E1A0E726FBA73C270BBB0C41823C95771333B89C60CE800D590AD787EC09699B152B30A46A714967128115887E8A5C19596CD748386C89FCAF066
SSDEEP 96:y4IPtPJZOa4ER2I5HT4RJDWzsonltZY63mbwDJFMVWhLEWmZhHWwcq:TI1JdpJddRzZY63mbmkWExW7q
IMP FA8607DE86B3096660A35E6483D8EACA
PESHA1 B6F72A0F89544C9F26B493C0984AB4F620389AD5
PE256 4D58F83576238FAB3955493E124A0AE204F2ED6FA203F6515A7B99071DE587F0

Runtime Data

Child Processes:

regedit.exe

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\SysWOW64\regedt32.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: regedt32.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit
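The hashes, signer thumbprint and version resource listed above are only useful if something checks them. The script below is an added example (it is not from Strontic or Microsoft) that compares the on-disk SysWOW64\regedt32.exe against those values with built-in PowerShell cmdlets. It assumes a Windows 11 build 22000 host; on any other build the hashes and version will legitimately differ, so a mismatch means "investigate", not "malicious".

```powershell
# Added example, not part of the original page: verify the on-disk regedt32.exe
# against the hashes, signer thumbprint and file version published above.
# Assumption: Windows 11 build 22000. Other builds legitimately produce other values.
$Path = 'C:\WINDOWS\SysWOW64\regedt32.exe'

$Expected = @{
    SHA256     = 'D3008DAE96877D54BE410280B6C8ED7D8ACAB7E73C864AB1E3DE2AA434AD8AFE'
    SHA1       = '3BF19839E3326F8BC4BBBC9A68899843C2E9E7EE'
    MD5        = 'AB3AAE0581AD23B9BE3415717117763A'
    Thumbprint = '312860D2047EB81F8F58C29FF19ECDB4C634CF6A'
    Version    = '10.0.22000.1'
}

$results = [ordered]@{}

# Content hashes. SHA256 is what VirusTotal indexes; MD5/SHA1 are kept only so
# older IOC lists can be matched, not because they are collision-resistant.
foreach ($alg in 'SHA256', 'SHA1', 'MD5') {
    $actual = (Get-FileHash -Path $Path -Algorithm $alg).Hash
    $results[$alg] = ($actual -eq $Expected[$alg])
}

# Authenticode. "Status: Valid" alone is not enough: a binary validly signed by
# some other publisher also passes that check, so pin the leaf certificate too.
# Many Windows binaries are catalog-signed rather than embedded-signed;
# Get-AuthenticodeSignature resolves the catalog transparently on Windows 10/11.
$sig = Get-AuthenticodeSignature -FilePath $Path
$results['SignatureValid']   = ($sig.Status -eq 'Valid')
$results['SignerThumbprint'] = ($sig.SignerCertificate.Thumbprint -eq $Expected.Thumbprint)
$results['SignerSubject']    = ($sig.SignerCertificate.Subject -like 'CN=Microsoft Windows,*')

# Version resource. This metadata is attacker-controlled in a trojanized file,
# so treat it as a hint that narrows the build, never as proof of integrity.
$ver = (Get-Item -Path $Path).VersionInfo
$results['FileVersion']      = ($ver.FileVersion -like "$($Expected.Version)*")
$results['OriginalFilename'] = ($ver.OriginalFilename -eq 'regedt32.exe')

# Report each check, then use the exit code so the script can gate a larger job.
$results.GetEnumerator() | ForEach-Object {
    '{0,-18} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISMATCH' })
}
if ($results.Values -contains $false) { exit 1 } else { exit 0 }
```

Run it from an elevated or normal PowerShell prompt on the host being checked; it reads the file but does not modify it. The thumbprint pin is the part that matters most: the hashes break on every servicing update, but the "CN=Microsoft Windows" leaf with this thumbprint is what distinguishes the genuine binary from a renamed or re-signed lookalike.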

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/d3008dae96877d54be410280b6c8ed7d8acab7e73c864ab1e3de2aa434ad8afe/detection

Possible Misuse

The following entry lists a detection signature that references regedt32.exe. regedt32.exe is not inherently malicious, but its legitimate functionality (editing the registry) can be abused, so attacker tooling and scripts sometimes name it. Note that the rule below matches the file name as a string inside scanned content; a hit indicates a reference to the binary, not proof that the binary itself was tampered with or run maliciously.

  • Source: signature-base
  • Source File: apt_grizzlybear_uscert.yar
  • Example: $a3 = "regedt32.exe" wide nocase
  • License: CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.