wowreg32.exe

File Path: C:\Windows\system32\wowreg32.exe
Description: SetupAPI 64-bit Surrogate

Hashes

Type	Hash
MD5	`57B64CFD13053DFF78319859D898556B`
SHA1	`3DE1EAD949516AE242E267D60ECD4D084039982D`
SHA256	`2E021F5641EE030C3292173D3B7BE0EDE018FF6096CC46F31B510D2A53103F83`
SHA384	`C0E913567713C18DDA4744DE1BAF432A6C4824F33128AC16028D91157A251B24BFD84603B23EBCC611A0C24BAE805034`
SHA512	`82769D9D24A502B30BF732182659152452A1315AFC867DF56CFEA328761984FF5916C16FBB26AC6E87BFA1F04FBB0ECC279240F3A062F7F87EB3661E2E079B5A`
SSDEEP	`384:o//v1X5Ns17zhiel+5Ob+jpCxN711j4pKLMWguZjHW:o//v1DslzhhgvpCz7w+9Zj`
IMP	`9E395710D74BF587FAC4F5CA37BF2548`
PESHA1	`1B02580EFB72CBAD37279E69D7FF52D7CB8F7792`
PE256	`5F46C43F83BE7D64ADE0ECA349C90055D1EB65F974482702AED27443EB2571D4`

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\wowreg32.exe

Signature

Status: Signature verified.
Serial: 33000002EC6579AD1E670890130000000002EC
Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: WOWREG32.EXE
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1237 (WinBuild.160101.0800)
Product Version: 10.0.19041.1237
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/73
VirusTotal Link: https://www.virustotal.com/gui/file/2e021f5641ee030c3292173d3b7be0ede018ff6096cc46f31b510d2a53103f83/detection

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\wowreg32.exe	83
C:\Windows\system32\wowreg32.exe	55

MIT License. Copyright (c) 2020-2021 Strontic.