home

ntkrnlpa.exe

NT Kernel & System

Microsoft Corporation

This is the image for the Windows NT Kernel with Physical Address Extension support and provides the kernel and executive layers responsible for various system services such as hardware virtualization, process and memory management. It is installed with Windows 7 as a General Distribution Release (GDR) as part of a Hotfix.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 7 (with Service Pack 1) Operating System

Version:
6.1.7601.18409 (win7sp1_gdr.140303-2144)

MD5:
d8c5145168a8acbd9df56bcda3855d61

SHA-1:
258375cacdc1530576008e2e85bddac8e2212e51

SHA-256:
e497bc1220e4c02fa5402a962bcfa121582999da00eaea6017ddd455f5796706

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 7:19:53 PM UTC  (today)

File size:
3.8 MB (3,969,984 bytes)

Product version:
6.1.7601.18409

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrpamp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntkrnlpa.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
5/16/2013 8:20:13 PM

Valid to:
8/16/2014 8:20:13 PM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000020C8E989174AADFCE6000000000020

File PE Metadata
Compilation timestamp:
3/4/2014 9:19:27 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
98304:FnEkqIKNhPjeRVdZuTdKo8tc8jzoxu9acGO5:VgIK7PCRVdZkd0tcq+u9aZq

Entry address:
0x11E4F0

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, D4, 99, 56, 00, 8B, 0D, B4, 9A, 56, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, 80, 43, 53, 00, C7, 43, 28, 00, 80, 52, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, AC, 52, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 48, 37, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, 91, C2, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, FF, 02, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.3 MB (3,433,984 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.