Gridinsoft Logo

The RuntimeBroker.exe (Runtime Broker) File Analysis

Updated 3 months ago
Checked by Malware Check
RuntimeBroker.exe

Technical Analysis

File Name RuntimeBroker.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.226.174
Database Version 2025-09-27 21:00:21 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
133,656
File Size (bytes)
2025-09-27
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
3d701f9fd75f829236f58756bdfc6945
SHA1
4cd9bbcbebc95948e2da8edf699088b00b2140fe
SHA256
dbf90b115cfc26b5a59dd5bf9c20d94a11ffe9d2f979831ebf7cf496eeecbd0e
SHA512
14f1bcbbb3f9bb67acc31515c716e23682788a653c4d50394a48570d6717c4ef6031ccc9691df08a6e798770c5c71483f181d1afe1c2314e5d87a2705f43e23e
ImpHash
dd3379331f906897d3533db83f199654

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x1400092b0
Compilation Time 2101-12-11 19:06:32
Checksum 0x00024dcb (Actual: 0x00024dcb)
OS Version 10.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path RuntimeBroker.pdb
Digital Signature OK
Imports 29 libraries
Exports 0 functions
Resources 2 Resources
Sections 9 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription Runtime Broker
FileVersion 10.0.26100.5074 (WinBuild.160101.0800)
InternalName RuntimeBroker.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename RuntimeBroker.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.26100.5074
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 61,539 bytes 65,536 bytes 5.92 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 76402D0BC4D975046B85F0AE62549209
fothk 0x00011000 4,096 bytes 4,096 bytes 0.02 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 58D049DE022614808B39D7149FBFB107
.imrsiv 0x00012000 4 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rdata 0x00013000 23,862 bytes 24,576 bytes 4.82 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A7BDFF493595EFD94A6DE92E62625F19
.data 0x00019000 3,648 bytes 4,096 bytes 0.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6A33951C96860074DBAA129D7BF587E5
.pdata 0x0001a000 4,932 bytes 8,192 bytes 3.33 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C1D82F4910B16F9BA477E8DCA3B2E151
.didat 0x0001c000 376 bytes 4,096 bytes 0.37 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5605BBD79F416FE38CBC79B324CF6A69
.rsrc 0x0001d000 2,392 bytes 4,096 bytes 3.27 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 814C5159D575D149C7E9D7F200C5BCC3
.reloc 0x0001e000 548 bytes 4,096 bytes 1.05 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 8CF3CD04A95BEB261A422EBB4DA5CCE7

Resource Analysis

Total Resources: 2 (2,223 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 932 bytes
41.9%
RT_MANIFEST 1 1,291 bytes
58.1%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description Runtime Broker
File Version 10.0.26100.5074 (WinBuild.160101.0800)
Original Name RuntimeBroker.exe
Signing Date 12:23 AM 08/27/2025 (135 days ago)
Verification Status Signed
Signers Microsoft Windows; Microsoft Windows Production PCA 2011; Microsoft Root Certificate Authority 2010
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name RuntimeBroker.exe
Copyright © Microsoft Corporation. All rights reserved.
Certificate Chain Summary
Microsoft Windows #1 Primary
Validity Period: 2025-06-19 18:11:44 → 2026-06-17 18:11:44
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 05 19 DA DD AA 8B DC 44 B2 92 00 00 00 00 05 19
Microsoft Windows Production PCA 2011 #2 Chain
Validity Period: 2011-10-19 18:41:42 → 2026-10-19 18:51:42
Signature Algorithm: sha256RSA
Serial Number: 61 07 76 56 00 00 00 00 00 08
Microsoft Time-Stamp Service #3 Chain
Validity Period: 2025-01-30 19:43:03 → 2026-04-22 19:43:03
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 02 0E 2C CB 28 7D 95 20 75 63 00 01 00 00 02 0E
Microsoft Time-Stamp PCA 2010 #4 Chain
Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware