home

RegAsm.exe

Microsoft .NET Framework

ReSoft LTD.

RegAsm.exe is the Assembly Registration tool reads the metadata within an assembly and adds the necessary entries to the registry, which allows COM clients to create .NET Framework classes and is recompiled by ReSoft LTD.. The executable RegAsm.exe, “Microsoft .NET Assembly Registration Utility” by ReSoft has been known to be a potentially unwanted program that has been detected by 1 anti-malware scanner. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Microsoft Corporation  (signed by ReSoft LTD.)

Product:
Microsoft® .NET Framework

Description:
Microsoft .NET Assembly Registration Utility

Version:
2.0.50727.4927 (NetFXspW7.050727-4900)

MD5:
badb53be1f1eb0a928eca362cfce484e

SHA-1:
6b06a2a9d49416fb21a58c87a11795159622a1e6

SHA-256:
2feb60a87e938a9b816e3a6d03231ed90143200f5fe720c7868b99c90a55ab40

Scanner detections:
1 / 68

Status:
Inconclusive but possibly unwanted  (It is part of a common redistributable library)

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 10:17:59 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Common.PartOf.PUP.Resoft (M)
16.2.15.5

File size:
58.6 KB (59,976 bytes)

Product version:
2.0.50727.4927

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RegAsm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\smartbar\application\regasm.exe

Digital Signature
Signed by:
ReSoft LTD.

Authority:
COMODO CA Limited

Valid from:
7/30/2012 1:00:00 AM

Valid to:
7/31/2013 12:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
6/4/2009 6:30:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:JP2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+27RFRJS85xeIILZ8k:cJv46yoD2BTNz1+M9GLfxw85xiSk

Entry address:
0xB7DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.9682

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Scan RegAsm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.