How to remove RuntimeBroker.exe

RuntimeBroker.exe

The module RuntimeBroker.exe has been detected as Ransom.Sabsik

RuntimeBroker.exe
Remove RuntimeBroker.exe

File Details

Product Name:

RuntimeBroker
Company Name:

Microsoft® Windows® Operating System
MD5: 251d0853947181d6aca73da5b4a1ca58
Size: 123 KB
First Published: 2022-06-29 23:55:24 (2 years ago)
Latest Published: 2023-04-14 23:43:18 (2 years ago)
Status: Ransom.Sabsik (on last analysis)
Analysis Date: 2023-04-14 23:43:18 (2 years ago)

Common Places:

%commonappdata%
%commonappdata%
%commonappdata%
%commonappdata%
%commonappdata%
%commonappdata%
%commonappdata%

Geography:

33.3%
16.7%
16.7%
16.7%

OS Version:

Windows 10 85.7%
Windows 8.1 14.3%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x000200be

.NET Info:

MVID: 961c3761-4b44-4c5f-b941-cd1a40bdb8aa
Typelib ID: cebf4056-97c8-46fa-9c52-9707957c715a

PE Sections:

Name Size of data MD5
.text 123392 97e0df5d8ab6e1094524a70ffaa776bc
.rsrc 2048 c4e11fe6f1929de83212f7d3460ff27e
.reloc 512 b98576ba940e45970bf75aa08982c8b5

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for RuntimeBroker.exe
copyright for information about RuntimeBroker.exe