regedt32.exe
- File Path: C:\WINDOWS\SysWOW64\regedt32.exe
- Description: Registry Editor Utility
Hashes
Type | Hash |
---|---|
MD5 | AB3AAE0581AD23B9BE3415717117763A |
SHA1 | 3BF19839E3326F8BC4BBBC9A68899843C2E9E7EE |
SHA256 | D3008DAE96877D54BE410280B6C8ED7D8ACAB7E73C864AB1E3DE2AA434AD8AFE |
SHA384 | 7AFDF1235A24ABA6495C92D493000768A2A184C7464C52F24D685139582DB3D4680D1C6975B7834B83D612798D8333DC |
SHA512 | 651CEDB00B4E1A0E726FBA73C270BBB0C41823C95771333B89C60CE800D590AD787EC09699B152B30A46A714967128115887E8A5C19596CD748386C89FCAF066 |
SSDEEP | 96:y4IPtPJZOa4ER2I5HT4RJDWzsonltZY63mbwDJFMVWhLEWmZhHWwcq:TI1JdpJddRzZY63mbmkWExW7q |
IMP | FA8607DE86B3096660A35E6483D8EACA |
PESHA1 | B6F72A0F89544C9F26B493C0984AB4F620389AD5 |
PE256 | 4D58F83576238FAB3955493E124A0AE204F2ED6FA203F6515A7B99071DE587F0 |
Runtime Data
Child Processes:
regedit.exe
Loaded Modules:
Path |
---|
C:\WINDOWS\SYSTEM32\ntdll.dll |
C:\WINDOWS\System32\wow64.dll |
C:\WINDOWS\SysWOW64\regedt32.exe |
Signature
- Status: Signature verified.
- Serial: 33000002ED2C45E4C145CF48440000000002ED
- Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: regedt32.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/74
- VirusTotal Link: https://www.virustotal.com/gui/file/d3008dae96877d54be410280b6c8ed7d8acab7e73c864ab1e3de2aa434ad8afe/detection
Possible Misuse
The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
signature-base | apt_grizzlybear_uscert.yar | $a3 = "regedt32.exe" wide nocase | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.