home

RegAsm.exe

Microsoft .NET Framework

Yuna Software Limited

RegAsm.exe is the Assembly Registration tool reads the metadata within an assembly and adds the necessary entries to the registry, which allows COM clients to create .NET Framework classes and is recompiled by Yuna Software Limited. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.
Publisher:
Microsoft Corporation  (signed by Yuna Software Limited)

Product:
Microsoft® .NET Framework

Description:
Microsoft .NET Assembly Registration Utility

Version:
2.0.50727.4927 (NetFXspW7.050727-4900)

MD5:
0d18c92d60f990ddfef36e4a600e02d8

SHA-1:
1c12c20ea49682d440fdb40b70b00c28a2c629df

SHA-256:
5d4c17ee9842fd6a0033f00b466a1842df5a855d08c93713209953e0c33ce852

Scanner detections:
1 / 68

Status:
Inconclusive but possibly unwanted  (It is part of a common redistributable library)

Analysis date:
4/19/2024 11:41:06 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Common.PartOf.PUP.Optional.YunaSoftware
16.2.11.12

File size:
57.4 KB (58,736 bytes)

Product version:
2.0.50727.4927

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RegAsm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\smartbar\application\regasm.exe

Digital Signature
Signed by:
Yuna Software Limited

Authority:
VeriSign, Inc.

Valid from:
10/20/2009 2:00:00 AM

Valid to:
10/20/2012 1:59:59 AM

Subject:
CN=Yuna Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yuna Software Limited, L=St. Helier, S=Jersey, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DF4318F9EA4EEB8E01F4B0B02CDF983

File PE Metadata
Compilation timestamp:
6/4/2009 7:30:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:sP2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+27RFRJS85xVIILxbCspAtt:PJv46yoD2BTNz1+M9GLfxw85x1NCspAv

Entry address:
0xB7DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Scan RegAsm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.