| filename | JRT.EXE | |
|---|---|---|
| size | 1016261 (0xf81c5) | |
| md5 | ca630dbadeb5b6101531f986adfe46c9 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x60 |
| blocks_in_file | 1 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x60 |
PE Header
Packer / Compiler
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x11317 | 0x11400 | R-X CODE | |
| .rdata | 0x13000 | 0x30ea | 0x3200 | R-- IDATA | |
| .data | 0x17000 | 0x292c | 0x800 | RW- IDATA | |
| .rsrc | 0x1a000 | 0x12d7 | 0x1400 | R-- IDATA |
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0x150dc | 0xb4 | |
| RESOURCE | 0x1a000 | 0x12d7 | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0 | 0 | |
| BASERELOC | 0 | 0 | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0 | 0 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0x13000 | 0x310 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| COMCTL32.dll | 17 | ||
| KERNEL32.dll | 353 | GetFileAttributesW | |
| KERNEL32.dll | 78 | CreateDirectoryW | |
| KERNEL32.dll | 932 | WriteFile | |
| KERNEL32.dll | 441 | GetStdHandle | |
| KERNEL32.dll | 899 | VirtualFree | |
| KERNEL32.dll | 386 | GetModuleHandleW | |
| KERNEL32.dll | 416 | GetProcAddress | |
| KERNEL32.dll | 594 | LoadLibraryA | |
| KERNEL32.dll | 613 | LockResource | |
| KERNEL32.dll | 599 | LoadResource | |
| KERNEL32.dll | 853 | SizeofResource | |
| KERNEL32.dll | 228 | FindResourceExA | |
| KERNEL32.dll | 628 | MulDiv | |
| KERNEL32.dll | 511 | GlobalFree | |
| KERNEL32.dll | 504 | GlobalAlloc | |
| KERNEL32.dll | 963 | lstrcmpiA | |
| KERNEL32.dll | 446 | GetSystemDefaultLCID | |
| KERNEL32.dll | 448 | GetSystemDefaultUILanguage | |
| KERNEL32.dll | 485 | GetUserDefaultUILanguage | |
| KERNEL32.dll | 629 | MultiByteToWideChar | |
| KERNEL32.dll | 373 | GetLocaleInfoW | |
| KERNEL32.dll | 972 | lstrlenA | |
| KERNEL32.dll | 964 | lstrcmpiW | |
| KERNEL32.dll | 345 | GetEnvironmentVariableW | |
| KERNEL32.dll | 961 | lstrcmpW | |
| KERNEL32.dll | 517 | GlobalMemoryStatusEx | |
| KERNEL32.dll | 897 | VirtualAlloc | |
| KERNEL32.dll | 916 | WideCharToMultiByte | |
| KERNEL32.dll | 189 | ExpandEnvironmentStringsW | |
| KERNEL32.dll | 709 | RemoveDirectoryW | |
| KERNEL32.dll | 206 | FindClose | |
| KERNEL32.dll | 221 | FindNextFileW | |
| KERNEL32.dll | 132 | DeleteFileW | |
| KERNEL32.dll | 213 | FindFirstFileW | |
| KERNEL32.dll | 835 | SetThreadLocale | |
| KERNEL32.dll | 371 | GetLocalTime | |
| KERNEL32.dll | 458 | GetSystemTimeAsFileTime | |
| KERNEL32.dll | 973 | lstrlenW | |
| KERNEL32.dll | 470 | GetTempPathW | |
| KERNEL32.dll | 788 | SetEnvironmentVariableW | |
| KERNEL32.dll | 52 | CloseHandle | |
| KERNEL32.dll | 86 | CreateFileW | |
| KERNEL32.dll | 340 | GetDriveTypeW | |
| KERNEL32.dll | 779 | SetCurrentDirectoryW | |
| KERNEL32.dll | 382 | GetModuleFileNameW | |
| KERNEL32.dll | 273 | GetCommandLineW | |
| KERNEL32.dll | 490 | GetVersionExW | |
| KERNEL32.dll | 80 | CreateEventW | |
| KERNEL32.dll | 790 | SetEvent | |
| KERNEL32.dll | 719 | ResetEvent | |
| KERNEL32.dll | 547 | InitializeCriticalSection | |
| KERNEL32.dll | 863 | TerminateThread | |
| KERNEL32.dll | 722 | ResumeThread | |
| KERNEL32.dll | 856 | SuspendThread | |
| KERNEL32.dll | 563 | IsBadReadPtr | |
| KERNEL32.dll | 604 | LocalFree | |
| KERNEL32.dll | 967 | lstrcpyW | |
| KERNEL32.dll | 244 | FormatMessageW | |
| KERNEL32.dll | 450 | GetSystemDirectoryW | |
| KERNEL32.dll | 129 | DeleteCriticalSection | |
| KERNEL32.dll | 355 | GetFileSize | |
| KERNEL32.dll | 795 | SetFilePointer | |
| KERNEL32.dll | 693 | ReadFile | |
| KERNEL32.dll | 799 | SetFileTime | |
| KERNEL32.dll | 784 | SetEndOfFile | |
| KERNEL32.dll | 152 | EnterCriticalSection | |
| KERNEL32.dll | 593 | LeaveCriticalSection | |
| KERNEL32.dll | 910 | WaitForMultipleObjects | |
| KERNEL32.dll | 383 | GetModuleHandleA | |
| KERNEL32.dll | 859 | SystemTimeToFileTime | |
| KERNEL32.dll | 369 | GetLastError | |
| KERNEL32.dll | 111 | CreateThread | |
| KERNEL32.dll | 912 | WaitForSingleObject | |
| KERNEL32.dll | 347 | GetExitCodeThread | |
| KERNEL32.dll | 854 | Sleep | |
| KERNEL32.dll | 808 | SetLastError | |
| KERNEL32.dll | 794 | SetFileAttributesW | |
| KERNEL32.dll | 335 | GetDiskFreeSpaceExW | |
| KERNEL32.dll | 958 | lstrcatW | |
| KERNEL32.dll | 185 | ExitProcess | |
| KERNEL32.dll | 57 | CompareFileTime | |
| KERNEL32.dll | 439 | GetStartupInfoA | |
| USER32.dll | 55 | CharUpperW | |
| USER32.dll | 198 | EndDialog | |
| USER32.dll | 153 | DestroyWindow | |
| USER32.dll | 437 | KillTimer | |
| USER32.dll | 554 | ReleaseDC | |
| USER32.dll | 162 | DispatchMessageW | |
| USER32.dll | 318 | GetMessageW | |
| USER32.dll | 634 | SetTimer | |
| USER32.dll | 97 | CreateWindowExW | |
| USER32.dll | 561 | ScreenToClient | |
| USER32.dll | 372 | GetWindowRect | |
| USER32.dll | 728 | wsprintfW | |
| USER32.dll | 325 | GetParent | |
| USER32.dll | 348 | GetSystemMenu | |
| USER32.dll | 194 | EnableMenuItem | |
| USER32.dll | 196 | EnableWindow | |
| USER32.dll | 478 | MessageBeep | |
| USER32.dll | 447 | LoadIconW | |
| USER32.dll | 449 | LoadImageW | |
| USER32.dll | 730 | wvsprintfW | |
| USER32.dll | 429 | IsWindow | |
| USER32.dll | 143 | DefWindowProcW | |
| USER32.dll | 28 | CallWindowProcW | |
| USER32.dll | 183 | DrawIconEx | |
| USER32.dll | 157 | DialogBoxIndirectParamW | |
| USER32.dll | 362 | GetWindow | |
| USER32.dll | 64 | ClientToScreen | |
| USER32.dll | 268 | GetDC | |
| USER32.dll | 191 | DrawTextW | |
| USER32.dll | 658 | ShowWindow | |
| USER32.dll | 666 | SystemParametersInfoW | |
| USER32.dll | 598 | SetFocus | |
| USER32.dll | 641 | SetWindowLongW | |
| USER32.dll | 349 | GetSystemMetrics | |
| USER32.dll | 255 | GetClientRect | |
| USER32.dll | 273 | GetDlgItem | |
| USER32.dll | 289 | GetKeyState | |
| USER32.dll | 479 | MessageBoxA | |
| USER32.dll | 727 | wsprintfA | |
| USER32.dll | 647 | SetWindowTextW | |
| USER32.dll | 346 | GetSysColor | |
| USER32.dll | 377 | GetWindowTextLengthW | |
| USER32.dll | 378 | GetWindowTextW | |
| USER32.dll | 252 | GetClassNameA | |
| USER32.dll | 367 | GetWindowLongW | |
| USER32.dll | 300 | GetMenu | |
| USER32.dll | 643 | SetWindowPos | |
| USER32.dll | 73 | CopyImage | |
| USER32.dll | 576 | SendMessageW | |
| USER32.dll | 364 | GetWindowDC | |
| GDI32.dll | 356 | GetCurrentObject | |
| GDI32.dll | 585 | StretchBlt | |
| GDI32.dll | 568 | SetStretchBltMode | |
| GDI32.dll | 44 | CreateCompatibleBitmap | |
| GDI32.dll | 526 | SelectObject | |
| GDI32.dll | 45 | CreateCompatibleDC | |
| GDI32.dll | 407 | GetObjectW | |
| GDI32.dll | 363 | GetDeviceCaps | |
| GDI32.dll | 143 | DeleteObject | |
| GDI32.dll | 61 | CreateFontIndirectW | |
| GDI32.dll | 140 | DeleteDC | |
| SHELL32.dll | 173 | SHGetFileInfoW | |
| SHELL32.dll | 122 | SHBrowseForFolderW | |
| SHELL32.dll | 189 | SHGetPathFromIDListW | |
| SHELL32.dll | 183 | SHGetMalloc | |
| SHELL32.dll | 266 | ShellExecuteExW | |
| SHELL32.dll | 197 | SHGetSpecialFolderPathW | |
| SHELL32.dll | 267 | ShellExecuteW | |
| ole32.dll | 59 | CoInitialize | |
| ole32.dll | 131 | CreateStreamOnHGlobal | |
| ole32.dll | 16 | CoCreateInstance | |
| OLEAUT32.dll | 9 | ||
| OLEAUT32.dll | 418 | ||
| OLEAUT32.dll | 2 | ||
| MSVCRT.dll | 129 | __set_app_type | |
| MSVCRT.dll | 111 | __p__fmode | |
| MSVCRT.dll | 106 | __p__commode | |
| MSVCRT.dll | 157 | _adjust_fdiv | |
| MSVCRT.dll | 131 | __setusermatherr | |
| MSVCRT.dll | 271 | _initterm | |
| MSVCRT.dll | 88 | __getmainargs | |
| MSVCRT.dll | 143 | _acmdln | |
| MSVCRT.dll | 585 | exit | |
| MSVCRT.dll | 72 | _XcptFilter | |
| MSVCRT.dll | 211 | _exit | |
| MSVCRT.dll | 14 | public: virtual __thiscall type_info::~type_info(void) ??1type_info@@UAE@XZ | |
| MSVCRT.dll | 390 | _onexit | |
| MSVCRT.dll | 85 | __dllonexit | |
| MSVCRT.dll | 65 | _CxxThrowException | |
| MSVCRT.dll | 166 | _beginthreadex | |
| MSVCRT.dll | 66 | _EH_prolog | |
| MSVCRT.dll | 665 | memset | |
| MSVCRT.dll | 494 | _wcsnicmp | |
| MSVCRT.dll | 704 | strncmp | |
| MSVCRT.dll | 657 | malloc | |
| MSVCRT.dll | 664 | memmove | |
| MSVCRT.dll | 558 | _wtol | |
| MSVCRT.dll | 663 | memcpy | |
| MSVCRT.dll | 606 | free | |
| MSVCRT.dll | 662 | memcmp | |
| MSVCRT.dll | 402 | _purecall | |
| MSVCRT.dll | 15 | void * __cdecl operator new(unsigned int) ??2@YAPAXI@Z | |
| MSVCRT.dll | 16 | void __cdecl operator delete(void *) ??3@YAXPAX@Z | |
| MSVCRT.dll | 202 | _except_handler3 | |
| MSVCRT.dll | 183 | _controlfp |
StringTable 000004b0
| CompanyName | Thisisu |
| FileDescription | Junkware Removal Tool |
| ProductVersion | 6.1.4 |
VS_FIXEDFILEINFO
| FileVersion | 1.2.0.715 |
| ProductVersion | 1.2.0.715 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0 |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
Scanning the drive for archives: 1 file, 1016261 bytes (993 KiB) -- Type = 7z Offset = 91470 Physical Size = 924791 Headers Size = 2298 Method = LZMA:21 BCJ Solid = + Blocks = 2 Date Time Attr Size Compressed Name ------------------- ----- ------------ ------------ ------------------------ 2012-12-08 07:27:02 ....A 565 770286 erunt/ERUNT.EXE.manifest 2014-04-06 05:12:38 ....A 29635 ask.bat 2014-04-06 05:12:44 ....A 13963 chrome.bat 2014-04-06 05:12:51 ....A 1813 delfolders.bat 2013-07-10 00:21:16 ....A 85 delorphans.bat 2014-04-06 05:13:01 ....A 719 ev_clear.bat 2014-04-06 05:13:06 ....A 152733 firefox.bat 2014-04-06 05:13:11 ....A 1226 FWPolicy.bat 2014-04-06 05:51:21 ....A 15919 get.bat 2014-04-06 05:13:18 ....A 31401 iexplore.bat 2014-04-06 05:14:37 ....A 10161 JRT.bat 2014-04-06 05:14:43 ....A 18670 medfos.bat 2014-04-06 05:14:49 ....A 154678 misc.bat 2014-04-06 05:14:54 ....A 8104 modules.bat 2014-04-06 05:14:59 ....A 39458 prelim.bat 2014-04-06 05:30:02 ....A 9516 runvalues.bat 2014-04-06 05:15:07 ....A 24738 searchlnk.bat 2014-04-06 05:15:13 ....A 1230 TDL4.bat 2013-02-03 12:34:40 ....A 370 clean_shortcut.vbs 2014-04-06 04:31:19 ....A 13 currentmd5.txt 2012-12-08 07:27:02 ....A 31952 erunt/README.TXT 2013-01-24 12:52:14 ....A 100 sednewline.txt 2013-09-02 00:20:59 ....A 144 appinit64_null.reg 2013-08-29 02:30:41 ....A 132 appinit_null.reg 2013-10-15 23:14:27 ....A 414 CHR_open_x64.reg 2013-10-15 23:19:59 ....A 402 CHR_open_x86.reg 2013-08-22 03:41:47 ....A 386 datamngr_del.reg 2013-10-15 23:13:50 ....A 388 FF_open_x64.reg 2013-10-15 23:19:21 ....A 376 FF_open_x86.reg 2013-10-15 23:15:19 ....A 388 IE_open_x64.reg 2013-10-15 23:22:54 ....A 388 IE_open_x86.reg 2014-04-06 04:26:20 ....A 18307 badFOLDERS.cfg 2013-10-06 06:30:34 ....A 119 badFOLDERScom.cfg 2014-03-23 21:19:41 ....A 1007 badFOLDERSstart.cfg 2014-02-04 05:57:38 ....A 221 badLNK.cfg 2014-03-23 21:20:12 ....A 4583 badvalues.cfg 2013-04-29 22:18:34 ....A 128 browsermngr_keys.cfg 2012-12-09 02:32:58 ....A 94 browsermngr_values.cfg 2013-04-29 22:19:38 ....A 174 CHRregkey_x64.cfg 2013-04-29 22:19:46 ....A 107 CHRregkey_x86.cfg 2014-03-23 21:20:48 ....A 6866 CHR_extensions.cfg 2013-04-21 22:24:56 ....A 38 defaultscope.cfg 2013-04-05 14:41:14 ....A 159 FFwhtlist.cfg 2013-04-23 14:41:32 ....A 86 IEwhtlst.cfg 2013-09-12 07:37:49 ....A 8130 REGhcr.cfg 2013-07-09 07:37:54 ....A 48 REGhkcu_and_hklm_allow.cfg 2014-02-04 06:29:17 ....A 3377 REGhkcu_and_hklm_software.cfg 2013-11-05 22:23:48 ....A 3025 REGhkcu_software_appdatalow.cfg 2014-01-08 02:07:18 ....A 1664 REGhkcu_software_microsoft.cfg 2013-11-05 22:20:01 ....A 36278 REGhklm_software_classes.cfg 2013-11-05 22:21:04 ....A 79 REGISTRYUSERSID.cfg 2013-04-21 23:19:58 ....A 211 runvalues_x64.cfg 2013-04-21 23:15:04 ....A 129 runvalues_x86.cfg 2013-11-05 22:22:15 ....A 45 serviceseventlog.cfg 2013-11-05 22:19:47 ....A 1718 APPID_clsid.dat 2013-11-05 22:19:27 ....A 1599 APPID_files.dat 2013-09-12 07:36:00 ....A 84 APPPATHS.dat 2013-08-02 22:26:50 ....A 78 APPROVEDEXTENSIONS_clsid.dat 2013-07-11 20:28:28 ....A 3158 askCLSID.dat 2013-04-29 22:13:32 ....A 488 askregkey_x64.dat 2013-04-29 22:14:04 ....A 260 askregkey_x86.dat 2013-04-29 22:16:08 ....A 424 askregvalue_x64.dat 2013-04-29 22:16:24 ....A 345 askregvalue_x86.dat 2013-07-08 20:10:58 ....A 30 askservices.dat 2014-03-23 21:19:10 ....A 174 badAPPINIT.dat 2014-03-23 21:21:58 ....A 30558 BHO_clsid.dat 2014-03-23 21:21:25 ....A 1459 BHO_name.dat 2005-02-28 00:40:46 ....A 45056 CHOICE.DAT 2014-01-01 09:17:59 ....A 13038 CLSID_clsid.dat 2012-12-08 07:27:02 ....A 17920 CUT.DAT 2013-11-05 22:20:33 ....A 3836 ELEVATIONPOLICY_clsid.dat 2013-08-02 15:39:08 ....A 16 EXT.dat 2012-12-08 07:27:02 ....A 119 FFbrowsermngr.dat 2014-03-23 21:22:13 ....A 10561 FFextensions.dat 2013-11-05 22:17:50 ....A 353 FFpluginREG.dat 2012-12-08 07:27:02 ....A 75 FFplugins.dat 2014-03-23 21:21:07 ....A 3653 FFprefs.dat 2013-04-29 22:21:20 ....A 177 FFregkey_x64.dat 2013-04-29 22:21:30 ....A 109 FFregkey_x86.dat 2014-03-23 21:19:25 ....A 1512 FFXML.dat 2014-03-23 21:20:29 ....A 1433 FFXPI.dat 2013-08-29 03:15:27 ....A 6957 FWCLSID.dat 2013-08-22 03:06:01 ....A 15 IFEO.dat 2013-11-05 22:21:34 ....A 5598 INTERFACE_clsid.dat 2013-11-05 22:24:21 ....A 277 MENUEXT.dat 2013-10-15 19:02:40 ....A 392 modules.dat 2013-01-24 13:19:44 ....A 178 moduleservices.dat 2012-12-15 11:36:10 ....A 43520 NIRCMD.DAT 2013-08-02 14:41:12 ....A 33 NOTIFY.dat 2013-09-12 07:38:33 ....A 878 PREAPPROVED_clsid.dat 2014-01-08 02:06:59 ....A 141 PRODUCTS.dat 2014-01-08 01:58:54 ....A 1732 S1518COMPONENTS.dat 2010-10-22 01:15:22 ....A 98816 SED.DAT 2014-04-06 04:32:27 ....A 4173 services.dat 2013-11-05 22:23:16 ....A 1518 SETTINGS_clsid.dat 2013-02-01 15:14:00 ....A 57344 SHORTCUT.DAT 2014-01-01 09:18:15 ....A 1638 STATS_clsid.dat 2014-01-08 02:05:48 ....A 7685 TRACING.dat 2013-11-05 22:21:17 ....A 3518 TYPELIB_clsid.dat 2014-01-08 02:06:06 ....A 14243 UNINSTALL.dat 2013-08-02 14:37:58 ....A 100 UpgradeCodes.dat 2013-08-08 08:46:04 ....A 401408 WGET.DAT 2014-02-04 06:00:17 ....A 502 WOW6432NODE.dat 2012-12-08 07:27:02 ....A 163328 erunt/ERDNT.E_E 2012-12-08 07:27:02 ....A 2815 erunt/ERDNTDOS.LOC 2012-12-08 07:27:02 ....A 3275 erunt/ERDNTWIN.LOC 2012-12-08 07:27:02 ....A 4090 erunt/ERUNT.LOC 2012-12-08 07:27:02 ....A 157696 152207 erunt/ERUNT.EXE 2014-04-06 05:17:36 ....A 0 0 temp/null.txt 2014-04-06 05:17:36 D.... 0 0 temp 2014-04-06 04:25:43 D.... 0 0 erunt ------------------- ----- ------------ ------------ ------------------------ 2014-04-06 05:51:21 1755045 922493 109 files, 2 folders
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK