kernel32.dll

Windows NT BASE API Client DLL

Microsoft Corporation

The kernel32 library is a protected OS file that is responsible for handling core memory management, input/output operations, and process and thread creation, and that exposes the majority of the Win32 APIs to applications. It is included with Windows XP (SP2). The file has been seen being downloaded from pt.fix4dll.com and multiple other hosts.

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows NT BASE API Client DLL

 
Part of the Windows XP (Service Pack 2) Operating System

Version:
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

MD5:
888190e31455fad793312f8d087146eb

SHA-1:
775191d293016d9541ddd6aef5ac94ab3776849a

SHA-256:
0a7841f14197177f69d120fe92c55cbb3506b73449e42198ab03432dcbe7f251

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
11/24/2024 4:37:28 AM UTC

File size:
960.5 KB (983,552 bytes)

Product version:
5.1.2600.2180

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
kernel32

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\kernel32.dll

File PE Metadata
Compilation timestamp:
8/4/2004 3:56:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
12288:teK016Oa+4hC86zWyMHktlJHPVPLgrja:Ie8W/HsLLg/a

Entry address:
0xB436

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 0F, 84, 82, D2, 00, 00, 5D, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 81, EC, 20, 04, 00, 00, A1, CC, 36, 88, 7C, 8B, 4D, 08, 53, 56, 89, 45, FC, 57, 89, 8D, E0, FB, FF, FF, 64, A1, 18, 00, 00, 00, 8B, 40, 30, 8B, 80, D4, 01, 00, 00, A3, E4, 36, 88, 7C, 89, 0D, 54, 30, 88, 7C, 64, A1, 18, 00, 00, 00, 8B, 70, 30, 8B, 45, 0C, 33, DB, 2B, C3, 89, B5, E4, FB, FF, FF, 0F, 84, E4, 15, 01, 00, 48, 0F, 84, 93, C8, 00, 00, 48, 0F, 85, 79, 18, 00, 00, 53, 6A, 02, E8, A9, 00, 00, 00...
 
Entropy:
5.7713

Code size:
519.5 KB (531,968 bytes)

The file kernel32.dll has been seen being distributed by the following 4 URLs.

http://pt.fix4dll.com/.../?file=kernel32.dll&md5=888190E31455FAD793312F8D087146EB

http://www.dlldump.com/dllfiles/.../kernel32.dll