The ntoskrnl.exe (NT Kernel & System) File Analysis

Technical Analysis

File Name ntoskrnl.exe
File Type PE32+ executable (native) x86-64, for MS Windows
Scanner Version 1.0.194.174
Database Version 2024-10-23 19:00:18 UTC

Clean File

No threats detected by our scanner

Detection Rate 0%
File Size (bytes) 12,719,536
Analysis Date 2024-10-23

File Identification

Hash Type Value
MD5 988b9ede50dfad79dbca96cc93018ef6
SHA1 9b93ae250d6b76d5474f1a059a37e87d87ebf6b5
SHA256 80eb4c09526b97be23f6daa4ccd2bc97c467d2f3f5b278127693ccbcc17c8369
SHA512 a7d521ad192b110c0a0b2ca389b2630099644117e667e18ee8e6f1ea7ed3a80e5c826eb6cbae0aa599b81e80f98709d11d2102d91eaf0b9a2d098121a8d96f57
ImpHash 9f658df0d5d75e94a9a5dcf89701002a

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x140b0a290
Compilation Time 2077-12-15 13:42:50
Checksum 0x00c28348 (Actual: 0x00c28348)
OS Version 10.0
PEiD Signatures PE32+ executable (native) x86-64, for MS Windows
PDB Path ntkrnlmp.pdb
Digital Signature OK
Imports 21 libraries
Exports 3385 functions
Resources 10 Resources
Sections 36 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription NT Kernel & System
FileVersion 10.0.26100.2033 (WinBuild.160101.0800)
InternalName ntkrnlmp.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename ntkrnlmp.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.26100.2033
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.rdata 0x00001000 873,568 bytes 876,544 bytes 5.94 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 931273B2D34D2A7C09A2C0035CCECD21
.pdata 0x000d7000 444,948 bytes 446,464 bytes 6.53 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 7B4279F665616790054C3DE6BBC2ECE5
.idata 0x00144000 9,764 bytes 12,288 bytes 4.14 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 0D11CCBABF208DA30F245280C10A1FAD
.edata 0x00147000 111,456 bytes 114,688 bytes 5.94 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F7F509E25AF49D5879D55566E337C1F0
PROTDATA 0x00163000 1 bytes 4,096 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 620F0B67A91F7F74151BC5BE745B7110
GFIDS 0x00164000 43,180 bytes 45,056 bytes 5.32 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ EEF418649D47C154CDE9D71DD7C915AB
Pad1 0x0016f000 593,920 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.text 0x00200000 4,998,237 bytes 5,001,216 bytes 6.51 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 9BFF0EB757B1AD09DBCDA2D0E95D9749
PAGE 0x006c5000 4,476,624 bytes 4,476,928 bytes 6.47 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 36B94465719181BFD24894417986707E
PAGELK 0x00b0a000 152,268 bytes 155,648 bytes 6.47 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ C90B3BA0E5AF9CE022EEB13739AFF18B
POOLCODE 0x00b30000 9,662 bytes 12,288 bytes 5.54 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0850B7F754AA243CBD941CAC00F3A7E0
PAGEKD 0x00b33000 24,036 bytes 24,576 bytes 6.41 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2A747CC360E3F58FF7A87F2531794BCA
PAGEVRFY 0x00b39000 202,009 bytes 204,800 bytes 6.34 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ C8B5B58F9F2EA113E6B03D392B6BDD65
PAGEHDLS 0x00b6b000 9,074 bytes 12,288 bytes 5.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5F8EC7FA8008C2D6593664AD7FA4E804
PAGEBGFX 0x00b6e000 26,994 bytes 28,672 bytes 6.33 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 9CD418DDFC4C4F81F8096B2456453581
TRACESUP 0x00b75000 6,563 bytes 8,192 bytes 5.56 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 9C822CE20A37C4C6B1B97B32804D696C
PAGECMRC 0x00b77000 3,827 bytes 4,096 bytes 6.06 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ B1A7AE5254A81B71D6DEAD3816FBAD9E
KVASCODE 0x00b78000 9,342 bytes 12,288 bytes 4.64 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 3F9D6395F84906859B00771C7374F6A4
KSCP 0x00b7b000 2,144 bytes 4,096 bytes 3.28 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 547F591EC7420542B488B90BD8A3D40D
DRVPRX 0x00b7c000 183 bytes 4,096 bytes 0.45 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7346FA4DB6E8BDF3A6A15D40C75D78D4
fothk 0x00b7d000 4,096 bytes 4,096 bytes 0.06 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 9289EDE3AC6151F24F766A51170E891D
INITKDBG 0x00b7e000 127,398 bytes 131,072 bytes 6.13 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 8CF51094B653F8CEC60BB08BFAC9154E
MINIEX 0x00b9e000 9,916 bytes 12,288 bytes 5.20 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ BCEFE019BAFC6FBCF3E31C3620535227
INIT 0x00ba1000 645,888 bytes 647,168 bytes 6.32 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 96E9F21679C929E5862D0FD576BC2CF5
Pad2 0x00c3f000 1,839,104 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x00e00000 1,844,992 bytes 61,440 bytes 1.82 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5358D77A5E22A462C5CDD7920CA847EE
ALMOSTRO 0x00fc3000 40,000 bytes 8,192 bytes 2.36 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C24C670A71F2205310E1F9C57CEFFEAC
CACHEALI 0x00fcd000 36,352 bytes 4,096 bytes 0.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE DC3AD255B5613AF42796525D39F7E7AA
PAGEDATA 0x00fd6000 111,696 bytes 8,192 bytes 1.92 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8107717DE453022B4BB48F747C3EE11C
PAGEVRFD 0x00ff2000 80,976 bytes 40,960 bytes 2.50 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 87466539F46F6C93048E97F5750A4899
INITDATA 0x01006000 136,372 bytes 4,096 bytes 1.38 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2220D7996CC7739EE3F773780E3BD27F
Pad3 0x01028000 1,933,312 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
CFGRO 0x01200000 8,272 bytes 12,288 bytes 0.13 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E053BB1A3900A19318935A3B305C163A
Pad4 0x01203000 2,084,864 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x01400000 233,096 bytes 233,472 bytes 1.90 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ BF76310454EFC3482C08BBAB008A9970
.reloc 0x01439000 87,200 bytes 90,112 bytes 5.63 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 66B54BFECCE2AA3BE7E115E516F9137F

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 10 (232,450 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 7 190,520 bytes 82%
RT_RCDATA 1 22,034 bytes 9.5%
RT_MESSAGETABLE 1 18,972 bytes 8.2%
RT_VERSION 1 924 bytes 0.4%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description NT Kernel & System
File Version 10.0.26100.2033 (WinBuild.160101.0800)
Original Name ntkrnlmp.exe
Signing Date 03:51 AM 10/04/2024 (277 days ago)
Verification Status Signed
Signers Microsoft Windows; Microsoft Windows Production PCA 2011; Microsoft Root Certificate Authority 2010
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name ntkrnlmp.exe
Copyright © Microsoft Corporation. All rights reserved.
Certificate Chain Summary
Microsoft Windows #1 Primary
Validity Period: 2023-11-16 19:20:08 → 2024-11-14 19:20:08
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 04 5F F3 C9 6C 1A 7F F7 DA 1D 00 00 00 00 04 5F
Microsoft Windows Production PCA 2011 #2 Chain
Validity Period: 2011-10-19 18:41:42 → 2026-10-19 18:51:42
Signature Algorithm: sha256RSA
Serial Number: 61 07 76 56 00 00 00 00 00 08
Microsoft Time-Stamp Service #3 Chain
Validity Period: 2023-12-06 18:46:02 → 2025-03-05 18:46:02
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 01 F3 C5 0A 43 AE 03 CC 1D 31 00 01 00 00 01 F3
Microsoft Time-Stamp PCA 2010 #4 Chain
Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status OK

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.
