ntdll.dll

NT Layer DLL

Microsoft Corporation

NTDLL is a library that exports the (undocumented) Windows Native API, which user-mode components of the operating system use to implement many of the kernel APIs exported by the kernel32 library. It is included with Windows XP (SP2). The file has been seen being downloaded from www.dlldump.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
NT Layer DLL

Part of the Windows XP (Service Pack 2) Operating System

Version:
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

MD5:
bb5cbffc096497506167bce1d9690ef2

SHA-1:
9acff82a7dbf21d39548c92a6c9346283e3b624e

SHA-256:
0aa3d27eba6a5133701ecee64c4373e68c098f8e9fdff0fdcb509729a79e768a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/26/2024 12:57:10 PM UTC

File size:
691.5 KB (708,096 bytes)

Product version:
5.1.2600.2180

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntdll.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\ntdll.dll

File PE Metadata
Compilation timestamp:
8/4/2004 3:56:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
12288:syQ7VTAFuA4RW9AFtyO1JEAZpIVY6PocyS96Z1MV/tSBtwdons:syQ7VT2dH96ZOb

Entry address:
0x13156

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 0F, 84, BD, F6, 00, 00, 33, C0, 40, 5D, C2, 0C, 00, 90, 90, 90, 90, 90, 6A, 14, 68, 18, 32, 91, 7C, E8, 45, BC, FF, FF, 8A, 1D, 20, C1, 97, 7C, 8B, 75, 0C, 33, D2, 3B, F2, 0F, 85, A3, 53, 02, 00, 8B, 7D, 10, 3B, FA, 74, 02, 89, 17, 8B, 4D, 08, F7, C1, FC, FF, FF, FF, 0F, 85, 8C, 9F, 02, 00, 3B, FA, 0F, 84, 9D, 9F, 02, 00, 8B, C1, 83, E0, 02, 0F, 85, 7F, 53, 02, 00, 84, DB, 75, 4A, 33, DB, 43, 84, CB, 0F, 84, 7A, 16, 00, 00, 68, D8, C0, 97, 7C, 3B, C2, 0F, 85, 41, 54, 02...

Entropy:
6.2642

Code size:
490 KB (501,760 bytes)

The file ntdll.dll has been seen being distributed by the following 2 URLs.