SHA256: f81436ac0d2b19a6060921f4c398d43cdd1ba08efd8cc8875d037f23389bc572
File name: ntoskrnl.exe
Detection ratio: 0 / 46
Analysis date: 2013-08-31 14:38:37 UTC ( 5 years, 7 months ago )
Antivirus Result Update
Yandex 20130830
AhnLab-V3 20130831
AntiVir 20130831
Antiy-AVL 20130830
Avast 20130831
AVG 20130831
BitDefender 20130831
ByteHero 20130828
CAT-QuickHeal 20130831
ClamAV 20130831
Commtouch 20130831
Comodo 20130831
DrWeb 20130831
Emsisoft 20130831
ESET-NOD32 20130831
F-Prot 20130831
F-Secure 20130831
Fortinet 20130831
GData 20130831
Ikarus 20130831
Jiangmin 20130831
K7AntiVirus 20130830
K7GW 20130830
Kaspersky 20130831
Kingsoft 20130829
Malwarebytes 20130831
McAfee 20130831
McAfee-GW-Edition 20130831
Microsoft 20130831
eScan 20130831
NANO-Antivirus 20130831
Norman 20130831
nProtect 20130830
Panda 20130831
PCTools 20130831
Rising 20130830
Sophos AV 20130831
SUPERAntiSpyware 20130831
Symantec 20130831
TheHacker 20130830
TotalDefense 20130830
TrendMicro 20130831
TrendMicro-HouseCall 20130831
VBA32 20130830
VIPRE 20130831
ViRobot 20130831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Version 5.1.2600.6055
Original name ntkrnlmp.exe
Internal name ntkrnlmp.exe
File version 5.1.2600.6055 (xpsp_sp3_qfe.101209-1646)
Description ????????? ?????? ???? NT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-09 13:47:15
Entry Point 0x001EBABF
Number of sections 21
PE sections
PE imports
VidSetScrollRegion
VidScreenToBufferBlt
VidBitBlt
VidCleanUp
VidInitialize
VidResetDisplay
VidBufferToScreenBlt
VidSolidColorFill
VidSetTextColor
VidDisplayString
READ_PORT_USHORT
KfReleaseSpinLock
KeRaiseIrqlToSynchLevel
WRITE_PORT_USHORT
KeStallExecutionProcessor
HalSetProfileInterval
HalStopProfileInterrupt
KeReleaseInStackQueuedSpinLock
HalSetRealTimeClock
HalEnableSystemInterrupt
KeAcquireQueuedSpinLockRaiseToSynch
HalRequestSoftwareInterrupt
KeAcquireInStackQueuedSpinLock
KeRaiseIrql
READ_PORT_UCHAR
KeLowerIrql
KeFlushWriteBuffer
HalReadDmaCounter
KeReleaseQueuedSpinLock
KfLowerIrql
HalClearSoftwareInterrupt
KeRaiseIrqlToDpcLevel
KeAcquireQueuedSpinLock
HalAllocateAdapterChannel
IoMapTransfer
HalGetInterruptVector
HalInitializeProcessor
HalSetEnvironmentVariable
IoFreeMapRegisters
KeReleaseSpinLock
HalAllProcessorsStarted
READ_PORT_ULONG
WRITE_PORT_UCHAR
HalInitSystem
HalAllocateCrashDumpRegisters
ExAcquireFastMutex
IoFlushAdapterBuffers
KfAcquireSpinLock
HalTranslateBusAddress
KeAcquireSpinLock
HalSetTimeIncrement
HalEndSystemInterrupt
ExTryToAcquireFastMutex
KeTryToAcquireQueuedSpinLock
KeQueryPerformanceCounter
HalStartProfileInterrupt
ExReleaseFastMutex
HalGetEnvironmentVariable
KfRaiseIrql
HalBeginSystemInterrupt
HalReturnToFirmware
HalHandleNMI
IoFreeAdapterChannel
KeGetCurrentIrql
KeAcquireSpinLockRaiseToSynch
KeAcquireInStackQueuedSpinLockRaiseToSynch
HalQueryRealTimeClock
HalDisableSystemInterrupt
WRITE_PORT_ULONG
HalRequestIpi
HalSetBusDataByOffset
HalStartNextProcessor
HalReportResourceUsage
HalCalibratePerformanceCounter
HalGetAdapter
HalSystemVectorDispatchEntry
HalGetBusDataByOffset
HalAllocateCommonBuffer
HalFreeCommonBuffer
KdD3Transition
KdReceivePacket
KdDebuggerInitialize0
KdRestore
KdSave
KdD0Transition
KdSendPacket
KdDebuggerInitialize1
PE exports
Number of PE resources by type
RT_BITMAP 11
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 13
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
423936

ImageVersion
5.1

ProductName
Microsoft Windows

FileVersionNumber
5.1.2600.6055

LanguageCode
Russian

FileFlagsMask
0x003f

FileDescription
NT

CharacterSet
Unicode

LinkerVersion
7.1

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

Subsystem
Native

FileVersion
5.1.2600.6055 (xpsp_sp3_qfe.101209-1646)

TimeStamp
2010:12:09 13:47:15+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
ntkrnlmp.exe

ProductVersion
5.1.2600.6055

SubsystemVersion
5.1

OSVersion
5.1

OriginalFilename
ntkrnlmp.exe

LegalCopyright
. .

MachineType
Intel 386 or later, and compatibles

CompanyName

CodeSize
1864704

FileSubtype
0

ProductVersionNumber
5.1.2600.6055

EntryPoint
0x1ebabf

ObjectFileType
Executable application

File identification
MD5 85aa870a496fbd31a4ac999648d47746
SHA1 b60bafdab5d8b8accf94d99c128adfb620fc0463
SHA256 f81436ac0d2b19a6060921f4c398d43cdd1ba08efd8cc8875d037f23389bc572
ssdeep
24576:8i7RE6RYCRSFuNczA8UTKht9Zy4svNIuTSOX+ANg8pDLDhUFqXHkUCXB/lTb1y7:jipQioTm/yuqNR5CxTWIGTF7eyLG

File size 2.2 MB ( 2290176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID OS/2 Executable (generic) (43.3%)
Win32 Dynamic Link Library (generic) (24.7%)
Win32 Executable (generic) (16.9%)
Generic Win/DOS Executable (7.5%)
DOS Executable Generic (7.5%)
Tags
peexe

VirusTotal metadata
First submission 2011-06-09 14:31:01 UTC ( 7 years, 10 months ago )
Last submission 2013-08-31 14:38:37 UTC ( 5 years, 7 months ago )
File names ntkrnlmp.exe
NTOSKRNL.EXE
ntoskrnl.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight