» fwpkclnt.sys
Overview
Analysis
File Details

fwpkclnt.sys

FWP/IPsec Kernel-Mode API

Microsoft Corporation

File name:

fwpkclnt.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

FWP/IPsec Kernel-Mode API

Version:

6.1.7600.21060 (win7_ldr.110928-1505)

MD5:

c0dbb0eee4d07d94106715cde55a935c

SHA-1:

a0400fc0bf72e1fecabe6b7d6dc8c06102628b23

SHA-256:

48cb6afe95a3b7df907fb5d925ba92918a08553973e3cfb91c3ce06f1f7540fd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/18/2024 4:21:30 AM UTC (today)

File size:

182.9 KB (187,248 bytes)

Product version:

6.1.7600.21060

Original file name:

fwpkclnt.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\windows\temp\a6de9f85-c02d-4c68-bc2b-21c96530d8a3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\fwpkclnt.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

2/14/2011 1:11:44 PM

Valid to:

5/14/2012 2:11:44 PM

Subject:

CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

61030556000000000010

File PE Metadata

Compilation timestamp:

9/28/2011 8:19:30 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:WLrff5Qg9r8X/B1Ofv6JyU3463k3KZNDSZ9rJLxat2nW:WBQgV8X/B1O6JyU3463k3IDG9d8CW

Entry address:

0x2C03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 8A, 51, FD, FF, CC, CC, C4, C1, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, C3, 02, 00, FC, C0, 00, 00, C8, C0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 16, C7, 02, 00, 00, C0, 00, 00, 84, C1, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 74, C8, 02, 00, BC, C0, 00, 00, E0, C0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, C9, 02, 00, 18, C0, 00, 00, 0C, C1, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, E4, CC, 02, 00, 44, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4443

Code size:

104.5 KB (107,008 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.