» fwpkclnt.sys
Overview
Analysis
File Details

fwpkclnt.sys

FWP/IPsec Kernel-Mode API

Microsoft Corporation

File name:

fwpkclnt.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

FWP/IPsec Kernel-Mode API

Version:

6.1.7601.22176 (win7sp1_ldr.121128-1434)

MD5:

febdd2008aa0b7626f628e1105e43b12

SHA-1:

fd643b8f191b3cb014fc16c6dddb160c9ba1a168

SHA-256:

3b2fcffcb19dc34fbcf56c107ced72b6cdbee5c1fab58fc63f28b977a7eb4e27

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/27/2024 2:07:21 AM UTC (today)

File size:

281.3 KB (288,088 bytes)

Product version:

6.1.7601.22176

Original file name:

fwpkclnt.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\windows\temp\18809af1-8476-498e-9f63-33b088c602e9\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22176_none_118eb55296526d33\fwpkclnt.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

9/12/2012 1:44:28 PM

Valid to:

6/12/2013 1:44:28 PM

Subject:

CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000001B1C4C5C7BD3FF112B00000000001B

File PE Metadata

Compilation timestamp:

11/28/2012 10:09:07 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:/nM5SfEE0hXGZV/XlbsF0zHKMTML1QCwUf/ZI/ocMf3yZBAupKfCpIgJMH1M:/KE0h2LXBsW+MTML1QCwCZIWaKsOM

Entry address:

0x45064

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 16, C1, FB, FF, CC, CC, B0, 52, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, 55, 04, 00, C8, F1, 00, 00, 30, 52, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 82, 59, 04, 00, 48, F1, 00, 00, E8, 50, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, CC, 5A, 04, 00, 00, F0, 00, 00, 40, 51, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, F2, 5D, 04, 00, 58, F0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.6396

Code size:

123.5 KB (126,464 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.