» MpBoot.sys
Overview
Analysis
File Details
Behaviors (1)

MpBoot.sys

Microsoft Malware Protection

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “Microsoft Malware Protection Boot Driver”.

File name:

MpBoot.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Malware Protection

Description:

Microsoft antimalware boot driver

Version:

4.4.0300.0

MD5:

66e628049097ec5f7c53c8c4dfe64453

SHA-1:

bc8bf0f1010217135b8bd26ccc36e2f4675690fc

SHA-256:

fd1d6939d93b432de4d02d88a14beca77c599301c7dc02dd6c7b06359f179480

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

5/7/2024 4:22:48 AM UTC (today)

File size:

33.9 KB (34,744 bytes)

Product version:

4.4.0300.0

Original file name:

MpBoot.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\mpboot.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/10/2012 12:14:35 AM

Valid to:

10/10/2013 12:14:35 AM

Subject:

CN=Microsoft Windows Early Launch Anti-malware Publisher, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000013A6641CF565DDD17A000000000013

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

768:0mgFsEkxTuUsDSEtOaGUPbaR0yjRntuCbc:bUdSE77bSzRn0Cbc

Driver

Display name:

Microsoft Malware Protection Boot Driver

Service name:

MpBoot

Type:

Kernel device driver (KernelDriver)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.