home

kernel32.dll

Windows NT BASE API Client DLL

Microsoft Corporation

The kernel32 library is a protected OS file that is responsible for handling core memory management, input/output operations, process and thread creation as well as exposes the to applications a majority of the Win32 APIs.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Windows NT BASE API Client DLL

 
Part of the Windows Operating System

Version:
10.0.10240.16387 (th1_st1.150711-1429)

MD5:
b87e2cf22575088058dcfc397c69270b

SHA-1:
75e4f8c0ceb5809e6115ed43d98b045f78f986ff

SHA-256:
1e427a1b2c739b88c8623a472d0e8edf6d90daa1692b84dcc6a4dae74d8684bb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
2/25/2025 5:31:57 PM UTC  (today)

File size:
686 KB (702,512 bytes)

Product version:
10.0.10240.16387

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
kernel32

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\kernel32.dll

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
2/11/2015 12:08:12 AM

Valid to:
5/11/2016 12:08:12 AM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000007AC8EB9FE6137D67E100000000007A

File PE Metadata
Compilation timestamp:
7/12/2015 5:48:39 AM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.10

CTPH (ssdeep):
12288:rZh/GQJNR9Zn3OJgZ5UWF0dyZKMDRb5ieiRGjt+AtY3rY0vjsLM9:nGQJNjZnagZfgWKMD7itGtC3rY0vjsLK

Entry address:
0x12E30

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 8B, FA, 48, 8B, D9, BA, 01, 00, 00, 00, 3B, FA, 75, 05, E8, 97, 21, 01, 00, 8B, D7, 48, 8B, CB, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 07, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 6C, 24, 18, 48, 89, 74, 24, 20, 57, 41, 56, 41, 57, 48, 81, EC, 50, 02, 00, 00, 48, 8B, 05, 76, 01, 09, 00, 48, 33, C4, 48, 89, 84, 24, 40, 02, 00, 00, 65, 48, 8B, 3C, 25, 60, 00, 00, 00, 33, DB, 4C, 8B, F1, 48, 8B, 6F, 20, 44, 8D, 7B, 01, 85, D2, 0F, 84, 66...
 
[+]

Entropy:
6.5374

Code size:
458.5 KB (469,504 bytes)

Session Manager Known Dll
Name:
kernel32


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.