» mrt.exe
Overview
Analysis
File Details

mrt.exe

Microsoft Windows Malicious Software Removal Tool

Microsoft Corporation

MRT is an anti-malware utility that checks a PC for infection by specific, prevalent malicious software and helps to remove the infection if it is found. The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if a malware infection is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

File name:

mrt.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Windows Malicious Software Removal Tool

Version:

5.11.10100.0

MD5:

a7327fba8897e5aa16a1d3bb57589407

SHA-1:

344a5db43b198c10f777bb82070086ee4cfe8eda

SHA-256:

9000da8307d612665454ace6cced249a3e98d9a17c2fac0b0e8b3594b4d69bbe

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/19/2024 1:22:48 PM UTC (today)

File size:

84 MB (88,028,728 bytes)

Product version:

5.11.10100.0

Original file name:

mrt.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\mrt.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

5/16/2013 7:20:12 PM

Valid to:

8/16/2014 7:20:12 PM

Subject:

CN=Microsoft Windows, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000001FCA3922951F79172D00000000001F

File PE Metadata

Compilation timestamp:

3/31/2014 11:36:34 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1572864:IChbMugaRyO/v/Z/25xz5xE5x75xL/B/E5xN5xz5xU5xH5xD5xCLwo7/WM+nQAwb:ICvB4O/v/Z/25xz5xE5x75xL/B/E5xN/

Entry address:

0x2F804

Entry point:

E8, 6A, 0E, 00, 00, E9, ED, FD, FF, FF, 3B, 0D, 00, A0, 43, 00, 75, 03, C2, 00, 00, E9, F8, 00, 00, 00, 6A, 14, 68, 50, 85, 43, 00, E8, 06, 0F, 00, 00, 83, 65, DC, 00, A1, 48, D3, 43, 00, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 90, E3, 43, 00, 59, EB, 54, 6A, 08, E8, 60, 0F, 00, 00, 59, 83, 65, FC, 00, A1, 48, D3, 43, 00, 89, 45, E4, A1, 44, D3, 43, 00, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, E8, 47, 0F, 00, 00, 83, C4, 0C, 8B, F0, 89, 75, DC, 8B, 4D, E4, 89, 0D, 48, D3, 43, 00... 
[+]

Entropy:

7.1592

Code size:

222 KB (227,328 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.