home

mrt.exe

Microsoft Windows Malicious Software Removal Tool

Microsoft Corporation

MRT is an anti-malware utility that checks a PC for infection by specific, prevalent malicious software and helps to remove the infection if it is found. The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if a malware infection is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Windows Malicious Software Removal Tool

Version:
5.1.9100.0

MD5:
cf787102460ca08c752b535a6640338c

SHA-1:
187bf5cc8e01bf9f3a1f6df9aa66a8972f7ec970

SHA-256:
a8be99f35b4a2840f1515df0f7e0c5a6a0074991f264d9e2e737351e6b36b176

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 7:35:48 PM UTC  (today)

File size:
72.4 MB (75,898,224 bytes)

Product version:
5.1.9100.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
mrt.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mrt.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
9/12/2012 7:44:22 PM

Valid to:
6/12/2013 7:44:22 PM

Subject:
CN=Microsoft Windows, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000019CB58D66BE3198DB7000000000019

File PE Metadata
Compilation timestamp:
6/4/2013 3:01:08 AM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1572864:f2O5hcZXKH/a/m/T5xS5xI5xy5xI/2/L5xZ5xO5x15xo+77/ewCeedN9tuueO+uo:fnw5KH/a/m/T5xS5xI5xy5xI/2/L5xZq

Entry address:
0x2F074

Entry point:
48, 83, EC, 28, E8, 77, 11, 00, 00, 48, 83, C4, 28, E9, 1E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 59, C0, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 7A, 00, 00, 00, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 8B, DA, 48, 8B, F9, FF, 15, DF, 25, 01, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, FA, 10, FF, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3...
 
[+]

Entropy:
7.0655

Code size:
228 KB (233,472 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.