home

ntoskrnl.exe

NT Kernel & System

Microsoft Corporation

The Windows NT Operating System Kernel is a non-native library that is used by the OS loader for kernel initialization and provides various system services such as process and memory management, hardware virtualization within the kernal layer. It contains core Windows services such as the executive, memory manager, scheduler and cache manager. It is installed as part of Windows 8.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 8 Operating System

Version:
6.2.8250.0 (winmain_win8beta.120217-1520)

MD5:
b7692232dc0a442d962acb958f50586f

SHA-1:
b37a6d45dbb0345aa4a8736826386300476913fb

SHA-256:
88a2fff5c32109bb8ddc1d51004a51fd30c462af1dea0582aa611490679659bc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 11:15:12 AM UTC  (today)

File size:
6.4 MB (6,743,352 bytes)

Product version:
6.2.8250.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrnlmp.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ntoskrnl.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
3/14/2011 9:45:50 PM

Valid to:
6/14/2012 9:55:50 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6108B9A4000000000010

File PE Metadata
Compilation timestamp:
2/18/2012 4:36:43 AM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
10.10

CTPH (ssdeep):
49152:VcwgGvjGs89hrnMxDWuVCcpQofe/qBDl0/S32S6RYxuutLuOaRKXrQyLytg/ingq:OrdnI3PP0dnXALuRtyLO1vc+0SjB/am

Entry address:
0x3407F0

Entry point:
48, 83, EC, 38, 4C, 89, 7C, 24, 30, 4C, 8B, FC, 48, 89, 0D, 0D, D9, FE, FF, 48, 8B, 51, 68, 48, 8D, 05, 72, 09, F9, FF, 48, 85, D2, 48, 0F, 44, D0, 48, 89, 51, 68, 4C, 8B, D2, 48, 81, EA, 80, 01, 00, 00, 48, 89, 52, 18, 4C, 89, 52, 20, 41, 0F, 20, C0, 4C, 89, 82, C0, 01, 00, 00, 41, 0F, 20, D0, 4C, 89, 82, C8, 01, 00, 00, 41, 0F, 20, D8, 4C, 89, 82, D0, 01, 00, 00, 41, 0F, 20, E0, 4C, 89, 82, D8, 01, 00, 00, 0F, 01, 82, 16, 02, 00, 00, 4C, 8B, 82, 18, 02, 00, 00, 4C, 89, 02, 0F, 01, 8A, 26, 02, 00, 00, 4C...
 
[+]

Code size:
5.7 MB (5,961,216 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.