home

ntkrnlpa.exe

NT Kernel & System

Microsoft Windows

This is the image for the Windows NT Kernel with Physical Address Extension support and provides the kernel and executive layers responsible for various system services such as hardware virtualization, process and memory management. It is installed with Windows 7 as a General Distribution Release (GDR) as part of a Hotfix.
Publisher:
Microsoft Corporation  (signed by Microsoft Windows)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 7 (with Service Pack 1) Operating System

Version:
6.1.7601.18247 (win7sp1_gdr.130828-1532)

MD5:
199bfbd20e2231c232169465e92fc508

SHA-1:
257b2f10988df649a9e28124ed663a70fcf13460

SHA-256:
5aee9f75ae27f6e0e3b5dfaba06c472d547d7ca61c90f9ab6a528907568934e4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/18/2024 2:44:51 PM UTC  (today)

File size:
3.8 MB (3,963,352 bytes)

Product version:
6.1.7601.18247

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrpamp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\ntkrnlpa.exe

Digital Signature
Signed by:
Microsoft Windows

Authority:
Microsoft Windows

Valid from:
10/28/2013 1:49:58 PM

Valid to:
1/1/2040 3:59:59 AM

Subject:
CN=Microsoft Windows

Issuer:
CN=Microsoft Windows

Serial number:
987CFC659D51528241C854E525BCBCDB

File PE Metadata
Compilation timestamp:
8/29/2013 4:58:30 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
98304:/ZvMS2J9ln8EQp5vC4RZZDesZb+fqQUSAuK1BY:Bv6J/nJM5K4RZRea+jWuK1BY

Entry address:
0x11E4F0

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, D4, 99, 56, 00, 8B, 0D, B4, 9A, 56, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, 80, 43, 53, 00, C7, 43, 28, 00, 80, 52, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, AC, 52, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 48, 37, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, 91, C2, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, FF, 02, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.3 MB (3,433,472 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.