home

RegAsm.exe

Microsoft .NET Framework

Microsoft Corporation

RegAsm.exe is the Assembly Registration tool reads the metadata within an assembly and adds the necessary entries to the registry, which allows COM clients to create .NET Framework classes. This is a setup program which is used to install the application. The file has been seen being downloaded from s18054589.onlinehome-server.info and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® .NET Framework

Description:
Microsoft .NET Assembly Registration Utility

Version:
2.0.50727.3053 (netfxsp.050727-3000)

MD5:
b4567e3f36b2d37ad52a5bd6642913b7

SHA-1:
6bb81d7d88ca7d6c2498273aa2c28c8486919c80

SHA-256:
145cd0b29d46c03ed7da0b39d292f5ec3a0c43dd2f3485466ef4251b7d4dad8f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/15/2025 4:46:17 AM UTC  (today)

File size:
52 KB (53,248 bytes)

Product version:
2.0.50727.3053

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RegAsm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\win\microsoft.net\framework\urtinstallpath\regasm.exe

File PE Metadata
Compilation timestamp:
7/25/2008 4:02:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:AP2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+2seFRJS8c:rJv46yoD2BTNz1+M9GLftw8c

Entry address:
0xB7DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

The file RegAsm.exe has been seen being distributed by the following 2 URLs.

http://s18054589.onlinehome-server.info//uploads/.../RegAsm.exe

http://rtpalmas01.rtp.netapp.com:82/regasm.exe

Scan RegAsm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.