ntoskrnl.exe

NT Kernel & System

Microsoft Corporation

The Windows NT Operating System Kernel is a non-native library that is used by the OS loader for kernel initialization and provides various system services, such as process and memory management and hardware virtualization, within the kernel layer. It contains core Windows services such as the executive, memory manager, scheduler and cache manager. It is included with the Windows 7 OS.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

Part of the Windows 7 Operating System

Version:
6.1.7000.0 (winmain_win7beta.081212-1400)

MD5:
b8c0834f91b10f170abd6639ae8cf525

SHA-1:
9a28829b7c772a6a98a43d9184fc619ce86941c8

SHA-256:
39d4a6c2cf552ff21063cd8aeb178540b3c343e72d7cb37498b391846733b09a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/19/2024 12:18:26 AM UTC  (today)

File size:
3.7 MB (3,920,648 bytes)

Product version:
6.1.7000.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrnlmp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntoskrnl.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
10/18/2007 3:09:04 PM

Valid to:
12/18/2008 2:19:04 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61052123000000000006

File PE Metadata
Compilation timestamp:
12/12/2008 5:58:53 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
98304:R3CPvO6YosXtUXv4wp3ABZYZVVuMARqxA:RyPvO6wXSv4wpsuLVuMARqS

Entry address:
0x1234D8

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, EC, D7, 56, 00, 8B, 0D, C0, D8, 56, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, C0, 30, 53, 00, C7, 43, 28, 00, D0, 52, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, FA, 52, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 08, 20, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, 12, 35, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, F7, 02, 00...
 

Entropy:
6.3860

Developed / compiled with:
Microsoft Visual C++

Code size:
3.2 MB (3,385,856 bytes)