RegAsm.exe

Microsoft .NET Framework

Linkury

This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenue. RegAsm.exe is the Assembly Registration tool, which reads the metadata within an assembly and adds the necessary entries to the registry, allowing COM clients to create .NET Framework classes; this copy is recompiled by Linkury. The executable RegAsm.exe, “Microsoft .NET Assembly Registration Utility” by Linkury, has been known to be a potentially unwanted program and has been detected by 1 anti-malware scanner. Note that this is a commonly distributed file, and although it has been detected, it might not be a threat if it is un-coupled from its distribution source.

Publisher:
Microsoft Corporation  (signed by Linkury)

Product:
Microsoft® .NET Framework

Description:
Microsoft .NET Assembly Registration Utility

Version:
2.0.50727.4927 (NetFXspW7.050727-4900)

MD5:
1fc81b426153dedea5a3a3fa769c2ae8

SHA-1:
337fa18b24059024824e037586eb3aa84ac888ea

SHA-256:
5d0b831b3a4a213e43da7d440ec0a409d2b5b01afcac8e64c670b241c24948e8

Scanner detections:
1 / 68

Status:
Inconclusive but possibly unwanted  (It is part of a common redistributable library)

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 2:22:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
Common.PartOf.PUP.Linkury (M)

Engine version:
16.2.11.20

File size:
58.3 KB (59,672 bytes)

Product version:
2.0.50727.4927

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RegAsm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\smartbar\application\regasm.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/11/2012 9:00:00 PM

Valid to:
5/11/2015 8:59:59 PM

Subject:
CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
77A9B89A06B99100955A838E8BB46FF8

File PE Metadata
Compilation timestamp:
6/4/2009 2:30:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:/P2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+27RFRJS85x4:mJv46yoD2BTNz1+M9GLfxw85x

Entry address:
0xB7DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)
