ntoskrnl.exe

NT Kernel & System

Microsoft Corporation

The Windows NT Operating System Kernel is a non-native library that is used by the OS loader for kernel initialization and provides various system services such as process and memory management and hardware virtualization within the kernel layer. It contains core Windows services such as the executive, memory manager, scheduler and cache manager. It is installed with Windows 7 as a General Distribution Release (GDR) as part of a Hotfix.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Kernel & System

 
Part of the Windows 7 (with Service Pack 1) Operating System

Version:
6.1.7601.18247 (win7sp1_gdr.130828-1532)

MD5:
6b58ec835ace25dbd35ee22cda67f4a8

SHA-1:
bc18b070072416d463296622304b166442cfd957

SHA-256:
8d5948625bc56debad37567b988a17f76c7c463df1048778e1f09e836118c1bb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 10:15:08 AM UTC  (today)

File size:
3.7 MB (3,914,176 bytes)

Product version:
6.1.7601.18247

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntkrnlmp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\ntoskrnl.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
5/16/2013 10:50:13 PM

Valid to:
8/16/2014 10:50:13 PM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000020C8E989174AADFCE6000000000020

File PE Metadata
Compilation timestamp:
8/29/2013 5:27:07 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
98304:CSS+2D66J0YQ6jv+tCn/a6Vkydue31knZ:Cz+w6G0YQ6T+mXLue31kZ

Entry address:
0x1164F0

Entry point:
55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, 34, F9, 55, 00, 8B, 0D, 24, FA, 55, 00, 89, 4D, E8, 0B, C9, 75, 3C, C7, 43, 34, 40, C3, 52, 00, C7, 43, 28, 00, 00, 52, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, 8D, 05, 00, 2C, 52, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 48, 37, 6A, 30, 0F, A1, 64, 89, 0D, EC, 04, 00, 00, 8B, 43, 34, 89, 45, E0, 8D, 48, 40, 89, 48, 40, 89, 48, 44, 8B, 43, 28, 89, 45, E4, E8, 7F, 92, 1F, 00, 83, 7D, E8, 00, 0F, 85, A2, 01, 00, 00, E8, FF, 02, 00...
 

Entropy:
6.3769

Developed / compiled with:
Microsoft Visual C++

Code size:
3.2 MB (3,380,736 bytes)