home

ntkrnlpa.exe

NT Kernel & System

ntkrnlpa

This is the image for the Windows NT Kernel with Physical Address Extension support and provides the kernel and executive layers responsible for various system services such as hardware virtualization, process and memory management. It is included with the Windows 7 OS.
Publisher:
Microsoft Corporation  (signed by ntkrnlpa)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 7 Operating System

Version:
6.1.7600.20738 (win7_ldr.100618-1621)

MD5:
6bb5d70720db62a363404836140c97e6

SHA-1:
eb172b7cc26edaaac7efd2a35c722ad2bffec1ff

SHA-256:
3c320edf521a950bbeb9dff77ca4a39be93177c7503a0d2e73fa21e58ae17b0e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/23/2024 8:20:05 PM UTC  (today)

File size:
3.8 MB (3,958,792 bytes)

Product version:
6.1.7600.20738

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrpamp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntkrnlpa.exe

Digital Signature
Signed by:
ntkrnlpa

Authority:
ntkrnlpa

Valid from:
11/17/2010 5:53:55 AM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=ntkrnlpa

Issuer:
CN=ntkrnlpa

Serial number:
A0AFEA68D42CAEAC47FD0878D2948BD9

File PE Metadata
Compilation timestamp:
6/19/2010 6:01:36 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
98304:c7epE142sufAzCdsna83u1WLdzCIhrAuaYBzR:ciCW2sufmCdsna837OIOuaYBzR

Entry address:
0x11E4D8

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, 8C, 98, 56, 00, 8B, 0D, 6C, 99, 56, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, 80, 43, 53, 00, C7, 43, 28, 00, 80, 52, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, AC, 52, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 48, 37, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, 47, C1, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, F7, 02, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.3 MB (3,430,400 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.