» MpBoot.sys
Overview
Analysis
File Details
Behaviors (1)

MpBoot.sys

Microsoft Malware Protection

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “Microsoft Malware Protection Boot Driver”.

File name:

MpBoot.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Malware Protection

Description:

Microsoft antimalware boot driver

Version:

4.4.0300.0

MD5:

744f3b1ec0e0bf4227afe59d4168f417

SHA-1:

94afb167eb97c93d51922ffa573a59c16910b228

SHA-256:

ba4d1f25f9ddf2bdb36fed998d1794d29e13a61825d07906bbba75db9ce7f663

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/19/2024 7:30:00 AM UTC (today)

File size:

28.4 KB (29,112 bytes)

Product version:

4.4.0300.0

Original file name:

MpBoot.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\drivers\mpboot.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/10/2012 4:14:35 AM

Valid to:

10/10/2013 4:14:35 AM

Subject:

CN=Microsoft Windows Early Launch Anti-malware Publisher, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000013A6641CF565DDD17A000000000013

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

384:rrcFnTIGDp4G2Y8uXzsWShA0jQorDvIYDVkSnd26WaffWQKzqFnZ1mR0leApuEi+:H6IGlp7o9jQysUVhdRDPFn/puM

Driver

Display name:

Microsoft Malware Protection Boot Driver

Service name:

MpBoot

Type:

Kernel device driver (KernelDriver)

Group:

Early-Launch

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.