mrt.exe

Microsoft Windows Malicious Software Removal Tool

Microsoft Corporation

MRT is an anti-malware utility that checks a PC for infection by specific, prevalent malicious software and helps to remove the infection if it is found. The version of the tool delivered by Microsoft Update and Windows Update runs in the background and reports if a malware infection is found. Microsoft releases an updated version of this tool on the second Tuesday of each month. It is set to execute automatically when any user logs into Windows, through a Run registry entry named 'MRT'.

Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft Windows Malicious Software Removal Tool

Version:
5.10.10001.0

MD5:
f361e0b927a16f92a22de742fc9f9e86

SHA-1:
5ea975e9ecc68f2ad3347c23a5339ca379817f17

SHA-256:
d4539ebc1e80eba4d65c978707162c1cf043d15486fb4b4672e33f6a7e6cf88c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/25/2024 1:46:14 PM UTC

File size:
85.8 MB (90,015,360 bytes)

Product version:
5.10.10001.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
mrt.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mrt.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
5/16/2013 2:20:12 PM

Valid to:
8/16/2014 2:20:12 PM

Subject:
CN=Microsoft Windows, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000001FCA3922951F79172D00000000001F

File PE Metadata
Compilation timestamp:
3/2/2014 4:51:20 PM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1572864:3I6RMbg9nBOFb/y/Z/E5xz5xE5x75xL/v/V5xN5xz5xU5xE5xD5xtLwQ7/71X6qr:3FMEZBOFb/y/Z/E5xz5xE5x75xL/v/Vd

Entry address:
0x3C18C

Entry point:
48, 83, EC, 28, E8, CF, 11, 00, 00, 48, 83, C4, 28, E9, 92, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 49, DE, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 32, 01, 00, 00, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 05, 94, 1A, 01, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 08, FF, 15, 73, 65, 01, 00, EB, 5D, B9, 08, 00, 00, 00, E8, 51, 12, 00, 00, 90, 48, 8B, 05, 6F, 1A, 01, 00, 48, 89, 44...

Entropy:
7.1460

Code size:
288 KB (294,912 bytes)

Scheduled Task
Task name:
MRT_HB

Path:
\Microsoft\Windows\RemovalTools\MRT_HB

Action:
mrt.exe \ehb \q


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MRT

Command:
"C:\Windows\System32\mrt.exe" \r