home

mrt.exe

Microsoft Windows Malicious Software Removal Tool

Microsoft Corporation

MRT is an anti-malware utility that checks a PC for infection by specific, prevalent malicious software and helps to remove the infection if it is found. The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if a malware infection is found. Microsoft will release an updated version of this tool on the second Tuesday of each month. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Windows Malicious Software Removal Tool

Version:
5.11.10100.0

MD5:
43a08ee6cc7f29fb1923a1d9c92b380e

SHA-1:
23875ca1302a7cf235bebad1095d45a254485985

SHA-256:
dbd7f880b275954d91f638a184057a14b2473a417fbadead9ec2c6b1686fb05b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 10:36:45 AM UTC  (today)

File size:
86.5 MB (90,655,440 bytes)

Product version:
5.11.10100.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
mrt.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\mrt.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
5/17/2013 3:20:12 AM

Valid to:
8/17/2014 3:20:12 AM

Subject:
CN=Microsoft Windows, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000001FCA3922951F79172D00000000001F

File PE Metadata
Compilation timestamp:
3/31/2014 7:37:01 PM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1572864:3mKVeugaRyO/v/Z/25xz5xE5x75xL/B/E5xN5xz5xU5xH5xD5xCLwo7/WM+2wIYQ:3BzB4O/v/Z/25xz5xE5x75xL/B/E5xN9

Entry address:
0x3C27C

Entry point:
48, 83, EC, 28, E8, CF, 11, 00, 00, 48, 83, C4, 28, E9, 92, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 59, ED, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 32, 01, 00, 00, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 05, A4, 29, 01, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 08, FF, 15, F3, 74, 01, 00, EB, 5D, B9, 08, 00, 00, 00, E8, 51, 12, 00, 00, 90, 48, 8B, 05, 7F, 29, 01, 00, 48, 89, 44...
 
[+]

Entropy:
7.1551

Code size:
288.5 KB (295,424 bytes)

Scheduled Task
Task name:
MRT_HB

Path:
\Microsoft\Windows\RemovalTools\MRT_HB

Action:
mrt.exe \ehb \q


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.