regsvr.exe

The executable regsvr.exe has been detected as malware by 39 anti-virus scanners.
MD5:
656dd6010a605669bb6744ac9413c7d7

SHA-1:
4c5360ac2a1b02e03744c14b7387936d34a7fee0

SHA-256:
29c14d30c230615ef2a6a910e0644f00175d8963e83da2bb0229ba51664de375

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/1/2025 8:05:48 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.SlugIn.A | -40 |
| AegisLab AV Signature | Worm.W32.Autorun!c | 2.1.4+ |
| AhnLab V3 Security | Win32/Slugin | 2016.05.22 |
| Avira AntiVirus | TR/Autoit.CI.14 | 8.3.3.4 |
| Arcabit | Win32.SlugIn.A | 1.0.0.688 |
| avast! | Win32:Patched-HO [Trj] | 2014.9-170315 |
| AVG | Worm/AutoRun | 2018.0.2438 |
| Baidu Antivirus | Win32.Virus.Slugin | 4.0.3.17315 |
| Bitdefender | Win32.SlugIn.A | 1.0.20.370 |
| Bkav FE | W32.OlayFara.PE | 1.3.0.8042 |
| Clam AntiVirus | Win.Trojan.Siggen-2 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Patched.Q | 25074 |
| Dr.Web | Trojan.Click1.37970 | 9.0.1.074 |
| Emsisoft Anti-Malware | Win32.SlugIn | 8.17.03.15.02 |
| ESET NOD32 | Win32/Slugin | 11.13527 |
| Fortinet FortiGate | W32/Wplug.A | 3/15/2017 |
| F-Prot | W32/Slugin.B | v6.4.7.1.166 |
| F-Secure | IM-Worm:W32/Sohanad.HM | 11.2017-15-03_4 |
| G Data | Win32.SlugIn | 17.3.25 |
| IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.225.19671 |
| Kaspersky | Worm.Win32.AutoRun | 14.0.0.-1313 |
| McAfee | W32/Wplugin | 5600.6094 |
| Microsoft Security Essentials | VirTool:Win32/ModTool | 1.1.12804.0 |
| MicroWorld eScan | Win32.SlugIn.A | 18.0.0.222 |
| NANO AntiVirus | Virus.Win32.Slugin.ddowbn | 1.0.30.8482 |
| nProtect | Win32.SlugIn.A | 16.05.20.01 |
| Panda Antivirus | Generic Malware | 17.03.15.02 |
| Qihoo 360 Security | Virus.Win32.Slugin.A | 1.0.0.1120 |
| Quick Heal | W32.Slugin.A | 3.17.14.00 |
| Rising Antivirus | Virus.Agent!1.9AF8 | 23.00.65.17313 |
| Sophos | W32/Slugin-A | 4.98 |
| Total Defense | Win32/Armax.H | 37.1.62.1 |
| Trend Micro House Call | PE_WPLUG.A | 7.2.74 |
| Trend Micro | PE_WPLUG.A | 10.465.15 |
| Vba32 AntiVirus | Trojan.Patched.dj | 3.12.26.4 |
| VIPRE Antivirus | Virus.Win32.Slugin.a | 49560 |
| ViRobot | Win32.Patched.N[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Slugin.Win32.1 | 2.0.0.2881 |

File size:
2.4 MB (2,560,993 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\regsvr.exe

File PE Metadata
Compilation timestamp:
5/25/2055 11:40:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0xA5001

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 66, 02, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 66, 02, 89, 45, 00, 8B, 83, B3, 4B, 66, 02, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 66, 02, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 66, 02, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 66, 02, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 

Entropy:
7.5238

Packer / compiler:
ASPack v1.08.04

Code size:
454.5 KB (465,408 bytes)
