regsvr.exe

The executable regsvr.exe has been detected as malware by 27 anti-virus scanners.
MD5: 91b1d706f6b19439f43ac1ad931403e9
SHA-1: e829eeed11c6b51a811dba720b9ad6ce3695f74f
SHA-256: 3b5e9c9dc13f40489a21fce215e15708d832b10c11e13348fca630f9ef8b4c1f

Scanner detections: 27 / 68
Status: Malware
Analysis date: 4/30/2024 7:38:57 AM UTC (today)

Scan engine                    Detection                         Engine version
Avira AntiVirus                W32/Sality.Y                      7.10.6.23
Emsisoft A-Squared             Trojan.Autoit!IK                  4.5.0.50
avast!                         AutoIt:AutoRun-B2                 2014.9-170311
AVG                            Ardamax                           2018.0.2442
Bitdefender                    Win32.Worm.AutoIt.AC              1.0.20.350
Clam AntiVirus                 PUA.Packed.ASPack                 0.98/17011
Comodo Security                TrojWare.Win32.Trojan.Autoit.ci0  4486
Dr.Web                         Win32.HLLW.Autoruner.5517         9.0.1.070
ESET NOD32                     Win32/Autoit.EP.Gen               11.4996
Fortinet FortiGate             W32/Autorun.VDX!worm              3/11/2017
F-Prot                         W32/Trojan2.DFYJ                  v6.4.5.1.85
F-Secure                       IM-Worm:W32/Sohanad.HM            11.2017-11-03_7
G Data                         Win32.Worm.AutoIt.AC              17.3.19
IKARUS anti.virus              Trojan.Autoit                     t3scan.1.1.80.0
K7 AntiVirus                   Trojan.Win32.Autoit.ci            13.7.10.1004
Kaspersky                      Trojan.Win32.Autoit               14.0.0.-1294
McAfee                         W32/Autorun.worm.f                5600.6098
Microsoft Security Essentials  Worm:Win32/Nuqel.Z                1.163.1557.0
Norman                         Sohanad.gen9                      11.20170311
nProtect                       Trojan/W32.AutoIt.690337          2009.1.8.0
Panda Antivirus                W32/Sality.AK                     17.03.11.05
Quick Heal                     Trojan.ModTool.a                  3.17.10.00
Rising Antivirus               Win32.KUKU.a                      23.00.65.17309
Sophos                         W32/Tiotua-R                      4.52
Trend Micro                    WORM_IMAUT.HB                     10.465.11
Vba32 AntiVirus                Worm.Win32.AutoIt.x               3.12.12.4
ViRobot                        Trojan.Win32.Autoit.617343.D      2010.4.3.2259

File size: 674.2 KB (690,337 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\regsvr.exe

File PE Metadata

Compilation timestamp: 11/25/2007 2:51:46 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
Entry address: 0xA5001
Entry point: 60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 50, 0A, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 
Entropy: 7.8589
Packer / compiler: ASPack v2.12
Code size: 404.5 KB (414,208 bytes)
