home

ntkrnlpa.exe

NT Kernel & System

Microsoft Corporation

This is the image for the Windows NT Kernel with Physical Address Extension support and provides the kernel and executive layers responsible for various system services such as hardware virtualization, process and memory management. It is included with the Windows 7 OS.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 7 Operating System

Version:
6.1.7600.21077 (win7_ldr.111025-1501)

MD5:
0e725e4d29cba35e680dd51099eb6598

SHA-1:
2187c1013cc3faa93cc840e5f78bddd783f4bf09

SHA-256:
5d27ccbc96d4f19c2305874c13fbc03a9459e6e712ff489c85549a7653ceaabb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 10:07:07 PM UTC  (today)

File size:
3.8 MB (3,970,416 bytes)

Product version:
6.1.7600.21077

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrpamp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntkrnlpa.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
2/14/2011 10:11:44 PM

Valid to:
5/14/2012 11:11:44 PM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61030556000000000010

File PE Metadata
Compilation timestamp:
10/26/2011 4:26:31 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
98304:V2pra0Cz/XvAdnMKlxrNFuPlbaruXdssh:VIVCz/fAdnMKlxrOtmuXdzh

Entry address:
0x11E4F0

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, 8C, 98, 56, 00, 8B, 0D, 6C, 99, 56, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, 80, 43, 53, 00, C7, 43, 28, 00, 80, 52, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, AC, 52, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 48, 37, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, 2F, E1, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, F7, 02, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.3 MB (3,435,520 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.