home

mrt.exe

Microsoft Windows Malicious Software Removal Tool

Microsoft Corporation

MRT is an anti-malware utility that checks a PC for infection by specific, prevalent malicious software and helps to remove the infection if it is found. The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if a malware infection is found. Microsoft will release an updated version of this tool on the second Tuesday of each month. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Windows Malicious Software Removal Tool

Version:
5.10.10001.0

MD5:
b29c00a888bcd666e63ee385ccb7e861

SHA-1:
207fb825ef63c232334985e788aa9a3e789abbf5

SHA-256:
70e3606ed1e377ddaf50ac5bb6a3dbc39c3c357615665139c25c3bfe072197f3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/23/2024 8:05:23 AM UTC  (today)

File size:
85.8 MB (90,015,360 bytes)

Product version:
5.10.10001.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
mrt.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\mrt.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
5/17/2013 3:20:12 AM

Valid to:
8/17/2014 3:20:12 AM

Subject:
CN=Microsoft Windows, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000001FCA3922951F79172D00000000001F

File PE Metadata
Compilation timestamp:
3/3/2014 6:51:20 AM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1572864:3I6RMbg9nBOFb/y/Z/E5xz5xE5x75xL/v/V5xN5xz5xU5xE5xD5xtLwQ7/i1X6qr:3FMEZBOFb/y/Z/E5xz5xE5x75xL/v/Vw

Entry address:
0x3C18C

Entry point:
48, 83, EC, 28, E8, CF, 11, 00, 00, 48, 83, C4, 28, E9, 92, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 49, DE, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 32, 01, 00, 00, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 05, 94, 1A, 01, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 08, FF, 15, 73, 65, 01, 00, EB, 5D, B9, 08, 00, 00, 00, E8, 51, 12, 00, 00, 90, 48, 8B, 05, 6F, 1A, 01, 00, 48, 89, 44...
 
[+]

Entropy:
7.1460

Code size:
288 KB (294,912 bytes)

Scheduled Task
Task name:
MRT_HB

Path:
\Microsoft\Windows\RemovalTools\MRT_HB

Action:
mrt.exe \ehb \q


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.