How to remove RuntimeBroker.exe

» File
File Details
Overview
Analysis

RuntimeBroker.exe

The module RuntimeBroker.exe has been detected as Ransom.Wacatac

RuntimeBroker.exe

Remove RuntimeBroker.exe

File Details

Main Info:

Product Name:	MicrosoftВ® WindowsВ® Operating System
Company Name:	Microsoft
MD5:	8065e99bad5ca445cc93fb51511f28a2
Size:	293 KB
First Published:	2021-10-19 20:24:04 (4 years ago)
Latest Published:	2021-10-19 20:26:43 (4 years ago)

Analysis:

Status:	Ransom.Wacatac (on last analysis)
Analysis Date:	2021-10-19 20:26:43 (4 years ago)

Common Places:

%temp%

%localappdata%

Geography:

100.0%

OS Version:

Windows 10

100.0%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x0003a200

PE Sections:

Name	Size of data	MD5
.text	242688	4b1475a56b0108d064a024f603d027e1
.rdata	45568	2f49babf0098f2624687e26143986e1c
.data	512	f0fa07437a9f7b6d275f924f3798274d
.pdata	7680	040b107a10424d1d030428c714d94dfd
.rsrc	1024	96a00808d4f71a9307d4638815b04d7e
.reloc	2048	066311523bf804df4cdd336d0a95fa30

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for RuntimeBroker.exe

copyright for information about RuntimeBroker.exe