MpBoot.sys

Microsoft Malware Protection

Microsoft Corporation

It runs as a Windows 64-bit kernel-mode device driver named “Microsoft Malware Protection Boot Driver”.

Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft Malware Protection

Description:
Microsoft antimalware boot driver

Version:
4.3.0219.0

MD5:
953c4322db60dc2d7327acbb361fe328

SHA-1:
f6536fc51390c79bb6d6056fc4beb86082b48565

SHA-256:
1cb8fce4fbc6a913055ee2a31ae7532c35428b4271269fb8b3d62e44613df9b6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/26/2024 8:15:03 PM UTC

File size:
34.4 KB (35,256 bytes)

Product version:
4.3.0219.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
MpBoot.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\mpboot.sys

Digital Signature
Authority:
Microsoft Corporation

Valid from:
7/10/2012 6:14:35 AM

Valid to:
10/10/2013 6:14:35 AM

Subject:
CN=Microsoft Windows Early Launch Anti-malware Publisher, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000013A6641CF565DDD17A000000000013

File PE Metadata
Compilation timestamp:
8/13/2013 5:04:47 AM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
768:0PVzs5qHWtfuErEpN7ApnPWaiaynWa9SzJ:S8NrEjaWBaynWa9SzJ

Entry address:
0x2620

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 6B, 62, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, BE, 59, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 99, 1A, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 06, 00, 00, 00, CC, CC, CC, CC, CC, CC, B9, 02, 00, 00, 00, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 28, 4D, 8B, 41, 38, 48, 8B, CA, 49...
Entropy:
6.4226

Code size:
19.5 KB (19,968 bytes)

Driver
Display name:
Microsoft Malware Protection Boot Driver

Service name:
MpBoot

Type:
Kernel device driver (KernelDriver)

Group:
Early-Launch