regsvr.exe

The executable regsvr.exe has been detected as malware by 1 anti-virus scanner. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Msn Messsenger’.
MD5:
ddef3ce55ba824fa9a7e5a72725aa03b

SHA-1:
935e6f2a4e57e27664b1e4d47227ddadcadd213d

SHA-256:
d5109c7d09cfd7ecd0694e2bdcccc37804acbc2de5b21b0c3529fe5ce2ad7f22

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 12:31:52 PM UTC

Scan engine          Detection                 Engine version
Reason Heuristics    Threat.Tojan.Click (H)    17.3.16.13

File size:
1.2 MB (1,235,930 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\regsvr.exe

File PE Metadata
Compilation timestamp:
11/25/2007 5:21:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x115000

Entry point:
90, 90, 68, A6, B8, 2D, 00, 58, 90, 68, 20, 50, 51, 00, 5A, 68, 98, 05, 00, 00, 5E, 90, 31, 04, 32, 90, 83, EE, 02, 83, EE, 02, 90, 90, 75, F2, 4E, C5, 2C, 00, A6, B8, 2D, 00, A6, B8, 6D, 00, A7, E8, 27, 00, A6, 9E, 3D, 00, 7C, 93, 3D, 00, A6, 08, 2F, 00, 59, 47, D2, FF, FA, E7, 67, 00, DD, E7, 67, 00, 2A, E7, 67, 00, A6, B8, 2D, 00, A6, B8, 2D, 00, A6, B8, 2D, 00, FA, CF, 2E, 00, DF, E7, 27, 00, 2C, E7, 27, 00, A6, B8, 2D, 00, A6, B8, 2D, 00, A6, B8, 2D, 00, A6, B8, 2D, 00, A6, B8, 2D, 00, 88, DF, 49, 61...

Entropy:
7.8469  (probably packed)

Code size:
404.5 KB (414,208 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Msn Messsenger

Command:
C:\users\{user}\appdata\roaming\regsvr.exe