home

ntkrnlpa.exe

NT Kernel & System

Microsoft Corporation

This is the image for the Windows NT Kernel with Physical Address Extension support and provides the kernel and executive layers responsible for various system services such as hardware virtualization, process and memory management. It is included with the Windows 7 OS.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 7 Operating System

Version:
6.1.7000.0 (winmain_win7beta.081212-1400)

MD5:
e34fcf5131c987781f661df4d1b96ba4

SHA-1:
da1fab570555d8309ef70aeab3302ea8e3d5aa9a

SHA-256:
272cdc5dffbcb3bd97bec48c605b9738c53828f1c847cd8cf664603bfe20b7d4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 9:24:55 PM UTC  (today)

File size:
3.8 MB (3,974,920 bytes)

Product version:
6.1.7000.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrpamp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntkrnlpa.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
10/18/2007 3:09:04 PM

Valid to:
12/18/2008 2:19:04 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61052123000000000006

File PE Metadata
Compilation timestamp:
12/12/2008 6:01:31 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
49152:frc5qvbYQt/7BeuW46ePeQulLXkmHg4sqDE+Gmu90cbI0fRpOyq:w0vbYQt/7Be7Z/29+GmuacbI0je

Entry address:
0x12C4D8

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, F4, 8A, 57, 00, 8B, 0D, D0, 8B, 57, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, 00, C1, 53, 00, C7, 43, 28, 00, 60, 53, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, 8A, 53, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 08, 20, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, F3, 62, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, F7, 02, 00...
 
[+]

Entropy:
6.3898

Developed / compiled with:
Microsoft Visual C++

Code size:
3.3 MB (3,437,568 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.