home

ntoskrnl.exe

NT Kernel & System

Microsoft Corporation

The Windows NT Operating System Kernel is a non-native library that is used by the OS loader for kernel initialization and provides various system services such as process and memory management, hardware virtualization within the kernal layer. It contains core Windows services such as the executive, memory manager, scheduler and cache manager. It is included with Windows the Vista OS.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows Vista Operating System

Version:
6.0.6001.22258 (vistasp1_ldr.080904-1629)

MD5:
c719f4815748f136261627ff0b5888c8

SHA-1:
4a5aab7c81d938651d7a627e6b425cbef988d9c8

SHA-256:
04da686b8f5a66d775e0146b11eac0749cfa5bb9c02a0dc8059e9f2d6e303741

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/23/2024 1:45:19 PM UTC  (today)

File size:
3.4 MB (3,549,752 bytes)

Product version:
6.0.6001.22258

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrnlmp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntoskrnl.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
10/19/2007 12:09:04 AM

Valid to:
12/18/2008 11:19:04 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61052123000000000006

File PE Metadata
Compilation timestamp:
9/5/2008 4:31:32 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
49152:j1CM0hJMCDa3hIZC8znEuYf3t2MNJMoJNBpc07m5CkzTbY2wZkl5s1:5rS2CDTZ5AffdmoRS07m5Nz/Fw+/c

Entry address:
0xE34B0

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, C4, C7, 52, 00, 0F, B6, 0D, 8C, C8, 52, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 24, 00, 2E, 4F, 00, C7, 43, 18, 00, D0, 4E, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, F8, 4E, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 28, 21, 6A, 30, 0F, A1, 64, 88, 0D, 30, 01, 00, 00, 8B, 43, 24, 89, 45, E0, 8D, 48, 38, 89, 48, 38, 89, 48, 3C, 8B, 43, 18, 89, 45, E4, E8, C8, 95, 1D, 00, 80, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, E6, 02...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
2.9 MB (3,026,944 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.