home

windowsdevicerecoverytoolinstaller.exe

Windows Device Recovery Tool 3.4.34

Microsoft

The executable windowsdevicerecoverytoolinstaller.exe has been detected as malware by 9 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from download-fds.webapps.microsoft.com.
Publisher:
Microsoft

Product:
Windows Device Recovery Tool 3.4.34

Version:
3.4.34

MD5:
a10fe53b66e1f82b8d39fc408b4b0af0

SHA-1:
dd01dbdd9ebea046e9690eec6944a81ce9f28904

SHA-256:
706d828649a5394aaa19bdf766f9317385f2bfc0e1274b5b760c1a894104c400

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/5/2024 9:41:50 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Parite
160518-2

AVG
Win32/Parite
2015.0.4604

Emsisoft Anti-Malware
Win32.Parite
11.5.0.6191

ESET NOD32
Win32/Parite.B virus
8.0.319.0

F-Prot
W32/Parite.B
4.6.5.141

Kaspersky
Virus.Win32.Parite
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.749.0

Norman
Win32.Parite.B
28.05.2016 15:32:18

VIPRE Antivirus
Threat.46249
50516

File size:
2.4 MB (2,520,022 bytes)

Product version:
3.4.34

Copyright:
Copyright (c) Microsoft. All rights reserved.

Original file name:
Bootstrapper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windowsdevicerecoverytoolinstaller.exe

File PE Metadata
Compilation timestamp:
12/8/2014 8:44:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:5i+nwxGDdPYl+IjkXp6N1NTMptl1AdtyZnSw+7OTwbR9XWIQZBFdt2/HsTgeVF5L:fnwLl+IY+7TMV0yRy9XEFbvwi6aA1tCj

Entry address:
0xCA000

Entry point:
B8, 43, E0, 8F, 00, 90, BF, 1C, A0, 4C, 00, 90, 68, 98, 05, 00, 00, 5E, 90, 31, 04, 3E, 90, 90, 83, EE, 04, 90, 75, F5, 90, 90, AB, 9D, 8E, 00, 43, E0, 8F, 00, 43, E0, CF, 00, 1C, 74, 8D, 00, F3, 5D, AC, 00, 95, 23, AC, 00, 43, 50, 8D, 00, 42, E0, 8F, 00, A7, B0, CB, 00, 49, EA, C9, 00, 63, EA, C9, 00, 4B, 0F, 8A, 00, 4B, EA, 89, 00, 5D, EA, 89, 00, A7, DE, 8B, 00, 4B, EA, 89, 00, 5D, EA, 89, 00, 43, E0, 8F, 00, 43, E0, 8F, 00, 43, E0, 8F, 00, 43, E0, 8F, 00, 93, B1, CB, 00, 43, E0, 8F, 00, 43, E0, 8F, 00...
 
[+]

Code size:
270.5 KB (276,992 bytes)

The file windowsdevicerecoverytoolinstaller.exe has been seen being distributed by the following URL.

http://download-fds.webapps.microsoft.com/supportFiles/phones/files/.../WindowsDeviceRecoveryToolInstaller.exe

Remove windowsdevicerecoverytoolinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.