
The ntoskrnl.exe (NT Kernel & System) File Analysis

Technical Analysis

File Name ntoskrnl.exe
File Type PE32+ executable (native) x86-64, for MS Windows
Scanner Version 1.0.221.174
Database Version 2025-07-25 00:00:26 UTC

Clean File

No threats detected by our scanner

Detection Rate 0%
File Size (bytes) 10,848,568
Analysis Date 2025-07-25

File Identification

Hash Type Value
MD5
abbc38f7e1561b3b42bf39cb7d379a85
SHA1
48e06059cdf3869d479486ee44a304455bff7512
SHA256
67873e9cfcaeef91874229a24da6d08249ccee684f5f960791c2fc381fd2d217
SHA512
32fe4ca654d59c493459c6f8c6f06b561c57a5f719a9f0a61e2e2cf24d8fe114d8392b96054ef36c7c44a7095672b7e42b8dae335f0fb00fe70e37901b8de104
ImpHash
e0e869bbd92f59b58e146ba81eee3f6d

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x14098d010
Compilation Time 2007-02-14 20:03:42
Checksum 0x00a5f8d2 (Actual: 0x00a5f8d2)
OS Version 10.0
PEiD Signatures PE32+ executable (native) x86-64, for MS Windows
PDB Path ntkrnlmp.pdb
Digital Signature OK
Imports 17 libraries
Exports 3084 functions
Resources 10 Resources
Sections 33 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription NT Kernel & System
FileVersion 10.0.19041.1021 (WinBuild.160101.0800)
InternalName ntkrnlmp.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename ntkrnlmp.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.19041.1021
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.rdata 0x00001000 818,944 bytes 819,200 bytes 5.90 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 055BEDD365F1626EF3FABFDCFDC02D74
.pdata 0x000c9000 425,064 bytes 425,472 bytes 6.54 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 9C4D15EC7079C839A4231E7C1F2FC46F
.idata 0x00131000 8,386 bytes 8,704 bytes 4.78 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 070F32EF7904EF1BB65E474BC78D7663
.edata 0x00134000 101,399 bytes 101,888 bytes 6.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E51BC4F02EA4E53735D6D97EE24F0F28
PROTDATA 0x0014d000 1 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ BF619EAC0CDF3F68D496EA9344137E8B
GFIDS 0x0014e000 35,816 bytes 35,840 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 7D0C79627845F6ADE217F03AD7DB055C
Pad1 0x00157000 692,224 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.text 0x00200000 3,959,241 bytes 3,959,296 bytes 6.54 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ C869E98EAF36C9FFF37A8A62321BB3BE
PAGE 0x005c7000 3,953,182 bytes 3,953,664 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A728B9D2BAF440EECEA4BF3FF52CB14F
PAGELK 0x0098d000 151,652 bytes 152,064 bytes 6.54 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 90C6B06152EEA3D797D66A48EEAB9A41
POOLCODE 0x009b3000 1,163 bytes 1,536 bytes 5.15 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5401B2AB1F8689283AB9840747F9E8EF
PAGEKD 0x009b4000 23,442 bytes 23,552 bytes 6.51 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ F3091C9EBB19C8816E9BF29EE8F9379A
PAGEVRFY 0x009ba000 204,972 bytes 205,312 bytes 6.40 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ FB63489AD0FC9F207B778141495B32E3
PAGEHDLS 0x009ed000 9,686 bytes 9,728 bytes 6.27 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 8BEC5F23590F99964E3CF19289F3120D
PAGEBGFX 0x009f0000 27,114 bytes 27,136 bytes 6.55 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ AF4D5F6ED9F0178EF61D0D224AC8D56E
INITKDBG 0x009f7000 103,866 bytes 103,936 bytes 6.29 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ A1BC1CB0100B6E8BE860665549DFF591
TRACESUP 0x00a11000 5,979 bytes 6,144 bytes 6.21 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 36D69EF13DC9DA558A570EFDF48F0CE5
KVASCODE 0x00a13000 9,182 bytes 9,216 bytes 5.55 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 1D734560940B0477B4C9AEE87FDDF498
RETPOL 0x00a16000 1,856 bytes 2,048 bytes 4.68 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ FC81EECFA18AFEB59CB074C08059CF7F
MINIEX 0x00a17000 9,646 bytes 9,728 bytes 5.93 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E5741C1A7714F008DBD90FC7B3126EC4
INIT 0x00a1a000 568,424 bytes 568,832 bytes 6.40 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ ECE4ADB939E2C407665D750E95053830
Pad2 0x00aa5000 1,421,312 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x00c00000 1,024,200 bytes 77,824 bytes 1.28 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 20A9205267CC81E9F93EC8C7295BF0A1
ALMOSTRO 0x00cfb000 160,480 bytes 5,120 bytes 2.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 55ADAB2FF581A0F46A4FBBBC96AA1CDB
CACHEALI 0x00d23000 37,568 bytes 512 bytes 0.16 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8F35CB33CC79A0D5EB136F8B15785BD3
PAGEDATA 0x00d2d000 74,064 bytes 6,144 bytes 2.18 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 963DFF85F0AE7B6BAB910DE4D0300D92
PAGEVRFD 0x00d40000 89,344 bytes 32,768 bytes 2.88 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F4C7E25FAF0E3E55EF962BEA8CCCFAC1
INITDATA 0x00d56000 97,348 bytes 2,048 bytes 2.38 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4AFE6E5B4E61EE2DA30614321AF4B4D4
Pad3 0x00d6e000 598,016 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
CFGRO 0x00e00000 7,368 bytes 7,680 bytes 0.11 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0683246D1D2289B8849801B7A4A54D3B
Pad4 0x00e02000 2,088,960 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x01000000 242,456 bytes 242,688 bytes 2.21 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2EE86C9EAEAC102C38E4231ED898C0B1
.reloc 0x0103c000 39,416 bytes 39,424 bytes 5.87 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ FBA9C508EE81BF9711011850532465ED

Entropy Analysis Alert

6 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 10 (241,810 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 7 190,520 bytes 78.8%
RT_RCDATA 1 33,094 bytes 13.7%
RT_MESSAGETABLE 1 17,272 bytes 7.1%
RT_VERSION 1 924 bytes 0.4%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description NT Kernel & System
File Version 10.0.19041.1021 (WinBuild.160101.0800)
Original Name ntkrnlmp.exe
Signing Date 02:11 AM 05/08/2021 (1547 days ago)
Verification Status Signed
Signers Microsoft Windows; Microsoft Windows Production PCA 2011; Microsoft Root Certificate Authority 2010
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name ntkrnlmp.exe
Copyright © Microsoft Corporation. All rights reserved.

Certificate Chain Summary
Microsoft Windows #1 Primary
Validity Period: 2020-12-15 21:29:14 → 2021-12-02 21:29:14
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 02 ED 2C 45 E4 C1 45 CF 48 44 00 00 00 00 02 ED
Microsoft Windows Production PCA 2011 #2 Chain
Validity Period: 2011-10-19 18:41:42 → 2026-10-19 18:51:42
Signature Algorithm: sha256RSA
Serial Number: 61 07 76 56 00 00 00 00 00 08
Microsoft Time-Stamp Service #3 Chain
Validity Period: 2020-11-12 18:26:03 → 2022-02-11 18:26:03
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 01 50 58 A2 D4 A7 9B 0B 30 EB 00 00 00 00 01 50
Microsoft Time-Stamp PCA 2010 #4 Chain
Validity Period: 2010-07-01 21:36:55 → 2025-07-01 21:46:55
Signature Algorithm: sha256RSA
Serial Number: 61 09 81 2A 00 00 00 00 00 02

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status

OK

Remember: this is the result of an online virus scanner.


Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.
