» ntoskrnl.exe
Overview
Analysis
File Details

ntoskrnl.exe

NT Kernel & System

Microsoft Corporation

The Windows NT Operating System Kernel is a non-native library that is used by the OS loader for kernel initialization and provides various system services such as process and memory management, hardware virtualization within the kernal layer. It contains core Windows services such as the executive, memory manager, scheduler and cache manager.

File name:

ntoskrnl.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

NT Kernel & System

Version:

6.3.9385.0 (fbl_partner_out17.130415-2049)

MD5:

2e372007f1d58f62160bb6c30ab69edd

SHA-1:

eace23651482d61022923db0629705985f54a3c5

SHA-256:

ce96230f7d279de8274c40974906fe22755b4edc99ce4249bc497e9c90bab5eb

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/16/2024 8:10:34 PM UTC (today)

File size:

5.3 MB (5,574,544 bytes)

Product version:

6.3.9385.0

Original file name:

ntkrpamp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\ntoskrnl.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/2/2012 11:56:47 PM

Valid to:

10/2/2013 11:56:47 PM

Subject:

CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000014A9A5F731EA110471000000000014

File PE Metadata

Compilation timestamp:

4/16/2013 9:23:14 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

98304:NKCCHtj5jJW/AL8aKf5b2WBYcrZm9PfolJeC4Nb4c94dxUK1tMCqYODcq9/FaUWO:ujJsoL8aKfZ2Wpm9Pf+JepNbmjUKtMv3

Entry address:

0x20F008

Entry point:

55, 8B, EC, 83, EC, 20, 8B, 5D, 08, 89, 1D, EC, D3, 60, 00, 8B, 0D, B0, D3, 60, 00, 89, 4D, E8, 0B, C9, 75, 66, C7, 43, 44, 00, F1, 5F, 00, 0F, 01, 04, 24, 8B, 54, 24, 02, 83, C2, 30, C7, 42, 04, 00, 92, 40, 00, 8D, 05, 00, 00, 5F, 00, 66, 89, 42, 02, C1, E8, 10, 88, 42, 04, 88, 62, 07, 66, C7, 02, 28, 46, 6A, 30, 0F, A1, 0F, 20, C0, 83, E0, F3, 83, C8, 22, 0F, 22, C0, 0F, 20, E0, 0D, 00, 06, 00, 00, 0F, 22, E0, 64, C7, 05, 08, 00, 00, 00, 80, 1F, 00, 00, 64, 0F, AE, 15, 08, 00, 00, 00, 64, 89, 0D, EC, 04... 
[+]

Entropy:

6.4528

Developed / compiled with:

Microsoft Visual C++

Code size:

4.6 MB (4,870,144 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.