» ntoskrnl_patched.exe
Overview
Analysis
File Details

ntoskrnl_patched.exe

NT Kernel & System

Microsoft Corporation

File name:

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

NT Kernel & System

Version:

6.4.9841.0 (fbl_release.140912-1613)

MD5:

905a177eb5fc0fe6ace3a1db3e58a5af

SHA-1:

93e291f9f045e1747c31649d7595ae13e55369ee

SHA-256:

3fc05640ed65e4332366eb4b8d14d50d91cab1293630c5686c71c794f212cebc

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/22/2024 3:41:55 PM UTC (today)

File size:

7.1 MB (7,428,560 bytes)

Product version:

6.4.9841.0

Original file name:

ntkrnlmp.exe

File type:

Executable application (Win64 EXE)

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

8/4/2014 11:33:34 PM

Valid to:

4/30/2015 11:33:34 PM

Subject:

CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000001364C4ED9674670DA3B000000000136

File PE Metadata

Compilation timestamp:

9/13/2014 7:19:10 AM

OS version:

6.4

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

12.10

CTPH (ssdeep):

98304:aeGA0DgO63Lwx6UAnTJKJMyit7lWJYF2FopPmfhLs:auK163LK1AVKJ9itxWGF8oZKhLs

Entry address:

0x39E010

Entry point:

48, 83, EC, 38, 4C, 89, 7C, 24, 30, 4C, 8B, FC, 48, 89, 0D, C5, 58, FE, FF, 48, 8B, 51, 68, 48, 8D, 05, 52, A1, F8, FF, 48, 85, D2, 48, 0F, 44, D0, 48, 89, 51, 68, 4C, 8B, D2, 48, 81, EA, 80, 01, 00, 00, 48, 89, 52, 18, 4C, 89, 52, 20, 41, 0F, 20, C0, 4C, 89, 82, C0, 01, 00, 00, 41, 0F, 20, D0, 4C, 89, 82, C8, 01, 00, 00, 41, 0F, 20, D8, 4C, 89, 82, D0, 01, 00, 00, 41, 0F, 20, E0, 4C, 89, 82, D8, 01, 00, 00, 0F, 01, 82, 16, 02, 00, 00, 4C, 8B, 82, 18, 02, 00, 00, 4C, 89, 02, 0F, 01, 8A, 26, 02, 00, 00, 4C... 
[+]

Code size:

6 MB (6,262,272 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.