» fwpkclnt.sys
Overview
Analysis
File Details

fwpkclnt.sys

FWP/IPsec Kernel-Mode API

Microsoft Corporation

File name:

fwpkclnt.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

FWP/IPsec Kernel-Mode API

Version:

6.1.7601.22378 (win7sp1_ldr.130705-1532)

MD5:

b8b0f819447e5b20ad8e60ba499ac164

SHA-1:

71ef7ec85918fc3d1154ef341be5e447f10ed4da

SHA-256:

3fd349036dcd2e1cf773eadc7453687650a12aaa04aed257ecf5ca3bbf17e1c6

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/19/2024 9:34:21 PM UTC (today)

File size:

183.4 KB (187,840 bytes)

Product version:

6.1.7601.22378

Original file name:

fwpkclnt.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\windows\temp\5b58a73c-3f66-451d-958e-4caa95d07c8e\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\fwpkclnt.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

5/16/2013 2:20:13 PM

Valid to:

8/16/2014 2:20:13 PM

Subject:

CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000020C8E989174AADFCE6000000000020

File PE Metadata

Compilation timestamp:

7/5/2013 10:56:24 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:rWfYQDan4F4XHx1PDRcJyU3463kSqFOPlnbBOCXIE9:r1n4F4XHx1PeJyU3463kS/Pltn59

Entry address:

0x2C03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 8A, 51, FD, FF, CC, CC, C4, C1, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, C3, 02, 00, FC, C0, 00, 00, C8, C0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0E, C7, 02, 00, 00, C0, 00, 00, 84, C1, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 6C, C8, 02, 00, BC, C0, 00, 00, E0, C0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, B6, C9, 02, 00, 18, C0, 00, 00, 0C, C1, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, CC, 02, 00, 44, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4266

Code size:

104.5 KB (107,008 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.