ntoskrnl.exe

NT Kernel & System

Microsoft Corporation

The Windows NT Operating System Kernel is a non-native library that is used by the OS loader for kernel initialization and provides various system services, such as process and memory management and hardware virtualization within the kernel layer. It contains core Windows services such as the executive, memory manager, scheduler and cache manager. It is included with the Windows 7 OS.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

Part of the Windows 7 Operating System

Version:
6.1.7600.20881 (win7_ldr.110114-1504)

MD5:
2257e8802741803f0c787ee521426011

SHA-1:
10f939952f1a647c86dda61fced84d56851caaac

SHA-256:
d9acd05ec3fa34a84be8a31e41be78c74c5b96b7b2c9d90d4b0b23807c807050

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 2:37:35 PM UTC

File size:
5.2 MB (5,475,712 bytes)

Product version:
6.1.7600.20881

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrnlmp.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntoskrnl.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
12/7/2009 2:57:40 PM

Valid to:
3/7/2011 2:57:40 PM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6115230F00000000000A

File PE Metadata
Compilation timestamp:
1/14/2011 8:46:21 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
49152:Kwg/UbLpD9bUJi2oAb3IXENklOUunv93Ixc0/knI9TiKRx+hpfIeeLtKv1PN7wT3:KwgMbSXSGz0N9jn+hpweexKqZAGH3

Entry address:
0x2A3BE0

Entry point:
48, 83, EC, 38, 4C, 89, 7C, 24, 30, 4C, 8B, FC, 48, 89, 0D, 2D, B5, FF, FF, 48, 8B, 51, 48, 48, 8D, 05, 82, E2, F3, FF, 48, 85, D2, 48, 0F, 44, D0, 48, 89, 51, 48, 4C, 8B, D2, 48, 81, EA, 80, 01, 00, 00, 48, 89, 52, 18, 4C, 89, 52, 20, 41, 0F, 20, C0, 4C, 89, 82, C0, 01, 00, 00, 41, 0F, 20, D0, 4C, 89, 82, C8, 01, 00, 00, 41, 0F, 20, D8, 4C, 89, 82, D0, 01, 00, 00, 41, 0F, 20, E0, 4C, 89, 82, D8, 01, 00, 00, 0F, 01, 82, 16, 02, 00, 00, 4C, 8B, 82, 18, 02, 00, 00, 4C, 89, 02, 0F, 01, 8A, 26, 02, 00, 00, 4C...
 

Entropy:
6.3454

Code size:
4.4 MB (4,629,504 bytes)