» windowsdevicerecoverytoolinstaller.exe
Overview
Analysis
File Details
Downloads (14)

windowsdevicerecoverytoolinstaller.exe

Windows Device Recovery Tool 3.7.18601

Microsoft Corporation

This is a self-extracting archive and installer. The file has been seen being downloaded from go.microsoft.com and multiple other hosts.

File name:

windowsdevicerecoverytoolinstaller.exe

Publisher:

Microsoft (signed by Microsoft Corporation)

Product:

Windows Device Recovery Tool 3.7.18601

Version:

3.7.18601

MD5:

4221716858ff006e169e8643abfe9609

SHA-1:

0c1b767fc30c154a5980194621d9f8123463c0fc

SHA-256:

bfc037003cda2f51f9b437e4344e48a6336ec1411a28a940338e4e887405ac65

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

12/27/2024 5:28:51 AM UTC (today)

File size:

2.3 MB (2,427,104 bytes)

Product version:

3.7.18601

Original file name:

Bootstrapper.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\windowsdevicerecoverytoolinstaller.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

6/4/2015 1:42:45 PM

Valid to:

9/4/2016 1:42:45 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000010A2C79AED7797BA6AC00010000010A

File PE Metadata

Compilation timestamp:

1/16/2016 4:18:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

24576:wda7VjCLYRFsrOBjJRsyMpBl1AdtyZnSw+7OTwbR9XWIQZBFdt2/HsTgeVF5vXgx:RILSNVHzMZ0yRy9XEFbvwi6a

Entry address:

0x2C86E

Entry point:

E8, A3, 04, 00, 00, E9, 80, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, EB, 1F, FF, 75, 08, E8, 6B, 6C, 00, 00, 59, 85, C0, 75, 12, 83, 7D, 08, FF, 75, 07, E8, B3, 08, 00, 00, EB, 05, E8, 8F, 08, 00, 00, FF, 75, 08, E8, E2, 6C, 00, 00, 59, 85, C0, 74, D4, 5D, C3, 55, 8B, EC, FF, 75, 08, E8... 
[+]

Entropy:

7.4300

Code size:

293 KB (300,032 bytes)

The file windowsdevicerecoverytoolinstaller.exe has been seen being distributed by the following 14 URLs.

http://go.microsoft.com/.../?linkid=522381

http://go.redirectingat.com/?id=23432X820454&site=windowscentral.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/?LinkID=525569&xguid=68db09a9cda4e037f70276c8eb515a71&xuuid=f10b53b1fc3a059dbab10a9fa9d91b6f&xsessid=7f0e0af92210a5fdfb0a2b9e73c5c21c&xcreo=0&xed=0&sref=http://www.windowscentral.com/roll-back-windows-phone-81-windows-10-preview&pref=https://.../&xtz=-180&abp=1

http://go.skimresources.com/?id=23432X820454&site=windowscentral.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/?LinkID=525569&xguid=&xuuid=391b70d9f49e4b71755c68fbf6cc9656&xsessid=&xcreo=0&xed=0&sref=http://www.windowscentral.com/roll-back-windows-phone-81-windows-10-preview&pref=https://.../&xtz=-60

q=http://go.microsoft.com/fwlink/.../?LinkId=522381&redir_token=Eqi2CqP56anFzNb3DgdkFlKsTVR8MTQ0OTA0NjgzOUAxNDQ4OTYwNDM5

http://click.linksynergy.com/deeplink?id=je6NUbpObpQ&mid=24542&u1=iqi7179rmg000n4o02e0q&murl=http://go.microsoft.com/fwlink/.../?LinkId=522381

http://click.linksynergy.com/deeplink?id=je6NUbpObpQ&mid=24542&u1=iqnzs2lpnn0127jw02e0q&murl=http://go.microsoft.com/.../?LinkID=525569

http://click.linksynergy.com/deeplink?id=je6NUbpObpQ&mid=24542&u1=iqqqvrhtc9000n4o02e0q&murl=http://go.microsoft.com/fwlink/.../?LinkId=522381

http://go.skimresources.com/?id=52283X1269303&site=nokiapoweruser.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/p/?LinkId=522381&xguid=033c54a0d7e025a777b46154bbd135ed&xuuid=67d94eca6d3157c6d875de7483e8db41&xsessid=fd8ba913a13376d0aaae3cd98bca8b08&xcreo=0&xed=0&sref=http://www.nokiapoweruser.com/lumia-software-recovery-tool-renamed-nokia-software-recovery-tool-with-latest-update/&pref=http://www.nokiapoweruser.com/.../&xtz=-120&abp=1

http://click.linksynergy.com/deeplink?id=je6NUbpObpQ&mid=24542&u1=iqcqx54a2g00xkod02e0q&murl=http://go.microsoft.com/.../?LinkID=525569

http://go.redirectingat.com/?id=23432X820454&site=windowscentral.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/?LinkID=525569&xguid=5b7c8a5217a79d851dbeb1932ebe4961&xuuid=4b3fda8ee84ddf6eda53c2a14b161950&xsessid=cd8b8c0eb22b7efbb33bfe4834c2f5d8&xcreo=0&xed=0&sref=http://www.windowscentral.com/roll-back-windows-phone-81-windows-10-preview&pref=https://.../&xtz=240

http://go.microsoft.com/.../?LinkID=525569

https://repairavoidance.blob.core.windows.net/.../WindowsDeviceRecoveryToolInstaller.exe

http://go.microsoft.com/fwlink/.../?LinkId=522381

temp:WindowsDeviceRecoveryToolInstaller.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.