mrt.exe

Microsoft Windows Malicious Software Removal Tool

Microsoft Corporation

MRT is an anti-malware utility that checks a PC for infection by specific, prevalent malicious software and helps to remove the infection if it is found. The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if a malware infection is found. Microsoft will release an updated version of this tool on the second Tuesday of each month. It runs as a scheduled task under the Windows Task Scheduler.

Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft Windows-Tool zum Entfernen bösartiger Software

Version:
5.13.10300.0

MD5:
a5f57cc499eec2d4ef8becdfede78875

SHA-1:
818327ae306ae2ebea525a71476eada334daf857

SHA-256:
8a00a9308b0393154e3cc9873d8b48f664322740ab611e50c0b65d392ce9a0a7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/3/2016 6:53:44 PM UTC

File size:
91 MB (95,414,520 bytes)

Product version:
5.13.10300.0

Copyright:
© Microsoft Corporation. Alle Rechte vorbehalten.

Original file name:
mrt.exe

File type:
Executable application (Win64 EXE)

Language:
German (Germany)

Common path:
C:\Windows\System32\mrt.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
5/16/2013 8:20:13 PM

Valid to:
8/16/2014 8:20:13 PM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000020C8E989174AADFCE6000000000020

File PE Metadata
Compilation timestamp:
6/2/2014 2:02:01 AM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1572864:J+569qovjXMHP/b/x/m5xX5xo5xo5xd/e/u5xz5x/5xn5xi5x15x/FUa7/AIBNQt:ggNgP/b/x/m5xX5xo5xo5xd/e/u5xz5C

Entry address:
0x3CBDC

Entry point:
48, 83, EC, 28, E8, CF, 11, 00, 00, 48, 83, C4, 28, E9, 92, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, F9, E3, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 32, 01, 00, 00, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 05, 44, 20, 01, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 08, FF, 15, 9B, 6B, 01, 00, EB, 5D, B9, 08, 00, 00, 00, E8, 51, 12, 00, 00, 90, 48, 8B, 05, 1F, 20, 01, 00, 48, 89, 44...

Code size:
291 KB (297,984 bytes)

Scheduled Task
Task name:
MRT_HB

Path:
\Microsoft\Windows\RemovalTools\MRT_HB

Action:
mrt.exe \ehb \q