» winload.exe
Overview
Analysis
File Details

winload.exe

OS Loader

Microsoft Corporation

File name:

winload.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

OS Loader

Version:

6.3.9385.0 (fbl_partner_out17.130415-2049)

MD5:

7d0e42453de939d16df5c98d498e0aac

SHA-1:

c96fae3571e45ab5d1b78b424aa43bb9a1c64c24

SHA-256:

fc13bf7e330fb8ddcf52326adefe75fd8089ad9e19e4656250795db2d2ea6663

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/25/2024 6:15:35 PM UTC (today)

File size:

1.2 MB (1,224,224 bytes)

Product version:

6.3.9385.0

Original file name:

osloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\winload.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/2/2012 11:56:47 PM

Valid to:

10/2/2013 11:56:47 PM

Subject:

CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000014A9A5F731EA110471000000000014

File PE Metadata

Compilation timestamp:

4/16/2013 12:15:24 PM

OS bitness:

Win32

Subsystem:

Linker version:

11.0

CTPH (ssdeep):

24576:He2GO3L+HVqBOxhw3s98MaxSOAeoRLgGxg4eFdpuFwho0U+6YB2qj1:H3qOeZsSO9FdpYn0PmU1

Entry address:

0x7530

Entry point:

8B, FF, 55, 8B, EC, 83, E4, F8, 83, EC, 44, 8B, 55, 08, 33, C0, 53, 56, 57, 8B, 5A, 34, 33, F6, 6A, 07, 03, DA, 89, 74, 24, 10, 59, 8B, FB, F3, AB, 33, FF, 47, 89, 3B, 8B, 42, 28, 6A, 08, 03, C2, 68, F0, 91, 50, 00, 50, E8, 9B, 01, 0F, 00, 83, C4, 0C, 85, C0, 74, 0A, B8, F7, 00, 00, C0, E9, E5, 00, 00, 00, 8B, CF, E8, 9E, CA, 00, 00, 84, C0, 0F, 84, CD, 00, 00, 00, 8D, 44, 24, 10, 50, 56, 57, E8, D4, C4, 0C, 00, F6, 44, 24, 1C, 40, 0F, 84, B6, 00, 00, 00, 6A, 08, 89, 7C, 24, 18, 8D, 54, 24, 34, 89, 74, 24... 
[+]

Entropy:

6.6243

Code size:

1017.5 KB (1,041,920 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.