kernel32.dll

Windows NT BASE API Client DLL

Microsoft Corporation

The kernel32 library is a protected OS file that is responsible for handling core memory management, input/output operations, and process and thread creation, and that exposes a majority of the Win32 APIs to applications. The file has been seen being downloaded from www.dllrepair.com and multiple other hosts.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Windows NT BASE API Client DLL

 
Part of the Windows Operating System

Version:
10.0.10586.0 (th2_release.151029-1700)

MD5:
1c9c6933a94c594de7366124b4dd6075

SHA-1:
ad3e678db0413eedd9aaf6c3446a6da73a6f5856

SHA-256:
86e7e3e20333fbce72bd233ee31d0332cd12efadb59be620690dcbc2bd048624

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/26/2024 4:34:53 PM UTC

File size:
689 KB (705,584 bytes)

Product version:
10.0.10586.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
kernel32

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\kernel32.dll

Digital Signature
Authority:
Microsoft Corporation

Valid from:
2/10/2015 10:38:12 AM

Valid to:
5/10/2016 11:38:12 AM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000007AC8EB9FE6137D67E100000000007A

File PE Metadata
Compilation timestamp:
10/29/2015 7:27:54 PM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.10

CTPH (ssdeep):
12288:gzdEavCdANz8OQ6RlfkbMAcJGCDqFhYiVzADULrcaTsdga:gzCavY8wycQAcJ5cGoAoLrcaTsdf

Entry address:
0x181A0

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 8B, FA, 48, 8B, D9, BA, 01, 00, 00, 00, 3B, FA, 75, 05, E8, 27, 4F, 01, 00, 8B, D7, 48, 8B, CB, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 07, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 6C, 24, 18, 48, 89, 74, 24, 20, 57, 41, 56, 41, 57, 48, 81, EC, 50, 02, 00, 00, 48, 8B, 05, 06, BE, 08, 00, 48, 33, C4, 48, 89, 84, 24, 40, 02, 00, 00, 65, 48, 8B, 3C, 25, 60, 00, 00, 00, 33, DB, 4C, 8B, F1, 48, 8B, 6F, 20, 44, 8D, 7B, 01, 85, D2, 0F, 84, 66...
Entropy:
6.5486

Code size:
463 KB (474,112 bytes)

Session Manager Known Dll
Name:
kernel32


The file kernel32.dll has been seen being distributed by the following 3 URLs.

http://www.dllrepair.com/dll/.../kernel32.dll