regedt32.exe
- File Path: C:\Windows\system32\regedt32.exe
- Description: Registry Editor Utility
Hashes
Type | Hash |
---|---|
MD5 | C6B24486DE73A457D582F6BEEAABC983 |
SHA1 | B876B5C799226F6D6DBC4348B161DE8F457EA968 |
SHA256 | A83D55C6F3FD0E634D4CD570CED654A8BDC1776027680BC3F003476E764CC499 |
SHA384 | 4ACE1A903F35E55CC5EB69BA1062426CB47956DE6D4FE2AA5C8EE60532CC2A53460C8F6979C01D2ACD3308B8FFA8B84C |
SHA512 | 59D38AE1A915C73D565BDECB9FF10C3074B021DC2D2B144DD6636FB59BF15085C76A306F09403617065FE21A3DEC91B4F744FE63EA79004DF0DC730E14E6557C |
SSDEEP | 192:9cIya1bGZuqvFJscKonxSWR8ji6ZPl6cMWbxW:KIyQbQuOfx5nEXiENMWbxW |
IMP | A3060EC916831020104FAE5BC9414975 |
PESHA1 | B37CE6AFB3F6D6F557B1F7825E143635379F33C6 |
PE256 | 855057B96229B2831E5F9FC2506043D5DDA0B7CC0E04F6F6EDA09785F52AFCCC |
Runtime Data
Child Processes:
regedit.exe
Loaded Modules:
Path |
---|
C:\Windows\System32\GDI32.dll |
C:\Windows\System32\gdi32full.dll |
C:\Windows\System32\KERNEL32.DLL |
C:\Windows\System32\KERNELBASE.dll |
C:\Windows\System32\msvcp_win.dll |
C:\Windows\System32\msvcrt.dll |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\system32\regedt32.exe |
C:\Windows\System32\SHELL32.dll |
C:\Windows\System32\ucrtbase.dll |
C:\Windows\System32\USER32.dll |
C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial: 3300000266BD1580EFA75CD6D3000000000266
- Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: regedt32.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/76
- VirusTotal Link: https://www.virustotal.com/gui/file/a83d55c6f3fd0e634d4cd570ced654a8bdc1776027680bc3f003476e764cc499/detection
Possible Misuse
The following table contains possible examples of regedt32.exe being misused. While regedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
signature-base | apt_grizzlybear_uscert.yar | $a3 = "regedt32.exe" wide nocase | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.