SHA256: a9b7a8c65da08f88953cf412b167f11f8a120dfbece9c7d37fe24bbaf74dc32e
File name: ntkrnlpx_old.exe
Detection ratio: 0 / 51
Analysis date: 2014-04-28 19:58:19 UTC (4 years, 10 months ago)
Antivirus Result Update date
Ad-Aware 20140428
AegisLab 20140428
Yandex 20140428
AhnLab-V3 20140428
AntiVir 20140428
Antiy-AVL 20140428
Avast 20140428
AVG 20140428
Baidu-International 20140428
BitDefender 20140428
Bkav 20140428
ByteHero 20140428
CAT-QuickHeal 20140428
ClamAV 20140428
CMC 20140424
Commtouch 20140428
Comodo 20140428
DrWeb 20140428
Emsisoft 20140428
ESET-NOD32 20140428
F-Prot 20140427
F-Secure 20140428
Fortinet 20140428
GData 20140428
Ikarus 20140428
Jiangmin 20140428
K7AntiVirus 20140428
K7GW 20140428
Kaspersky 20140428
Kingsoft 20140428
Malwarebytes 20140428
McAfee 20140428
McAfee-GW-Edition 20140428
Microsoft 20140428
eScan 20140428
NANO-Antivirus 20140428
Norman 20140428
nProtect 20140427
Panda 20140427
Qihoo-360 20140428
Rising 20140428
Sophos AV 20140428
SUPERAntiSpyware 20140428
Symantec 20140428
TheHacker 20140426
TotalDefense 20140428
TrendMicro 20140428
TrendMicro-HouseCall 20140428
VBA32 20140428
VIPRE 20140428
ViRobot 20140428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name ntkrpamp.exe
Internal name ntkrpamp.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description NT Kernel & System
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-20 08:42:49
Entry Point 0x0011F4D8
Number of sections 22
PE sections
PE imports
VidSetScrollRegion
VidScreenToBufferBlt
VidSolidColorFill
VidCleanUp
VidInitialize
VidResetDisplay
VidBufferToScreenBlt
VidBitBlt
VidSetTextColor
VidDisplayString
CiInitialize
ClfsReadNextLogRecord
ClfsFlushToLsn
ClfsLsnDifference
ClfsTerminateReadLog
ClfsLsnContainer
ClfsReadRestartArea
ClfsAddLogContainer
ClfsReserveAndAppendLog
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsMgmtDeregisterManagedClient
ClfsPrivGetBaseLogFileFromFileObjectPointer
ClfsCloseLogFileObject
ClfsAdvanceLogBase
ClfsLsnGreater
ClfsLsnInvalid
ClfsLsnEqual
ClfsLsnLess
ClfsMgmtInstallPolicy
ClfsMgmtHandleLogFileFull
CLFS_LSN_NULL
ClfsMgmtTailAdvanceFailure
ClfsCreateMarshallingArea
ClfsReserveAndAppendLogAligned
ClfsGetLogFileInformation
ClfsDeleteMarshallingArea
CLFS_LSN_INVALID
ClfsDeleteLogByPointer
ClfsWriteRestartArea
ClfsReadLogRecord
ClfsMgmtSetLogFileSize
READ_PORT_USHORT
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KeRaiseIrqlToSynchLevel
WRITE_PORT_USHORT
HalInitializeProcessor
HalSetProfileInterval
HalStopProfileInterrupt
KfRaiseIrql
HalAllocateCrashDumpRegisters
HalQueryMaximumProcessorCount
HalInitSystem
KeAcquireQueuedSpinLockRaiseToSynch
HalEnableInterrupt
HalRegisterDynamicProcessor
KeAcquireInStackQueuedSpinLock
HalDisableInterrupt
HalInitializeOnResume
KeRaiseIrql
IoFlushAdapterBuffers
KeLowerIrql
KeFlushWriteBuffer
HalReadDmaCounter
KeReleaseQueuedSpinLock
HalRequestIpi
HalClearSoftwareInterrupt
HalTranslateBusAddress
HalGetProcessorIdByNtNumber
HalEnumerateEnvironmentVariablesEx
KeGetCurrentIrql
HalRegisterErrataCallbacks
HalAllocateAdapterChannel
KfAcquireSpinLock
HalSetEnvironmentVariable
HalGetInterruptVector
KeStallExecutionProcessor
HalStartProfileInterrupt
KeReleaseSpinLock
KeAcquireQueuedSpinLock
HalRequestSoftwareInterrupt
HalQueryEnvironmentVariableInfoEx
READ_PORT_ULONG
WRITE_PORT_UCHAR
HalSetRealTimeClock
KeTryToAcquireQueuedSpinLockRaiseToSynch
READ_PORT_UCHAR
HalGetEnvironmentVariableEx
HalReportResourceUsage
HalGetAdapter
KeAcquireSpinLock
HalRequestClockInterrupt
HalEndSystemInterrupt
KeAcquireInStackQueuedSpinLockRaiseToSynch
KeTryToAcquireQueuedSpinLock
HalStartNextProcessor
HalGetMessageRoutingInfo
HalGetEnvironmentVariable
HalStartDynamicProcessor
HalBeginSystemInterrupt
HalReturnToFirmware
HalHandleNMI
IoFreeAdapterChannel
HalGetInterruptTargetInformation
IoMapTransfer
HalSetEnvironmentVariableEx
HalGetVectorInput
HalQueryRealTimeClock
KeReleaseInStackQueuedSpinLock
WRITE_PORT_ULONG
HalInitializeBios
KfLowerIrql
HalSetBusDataByOffset
KeQueryPerformanceCounter
IoFreeMapRegisters
HalAllProcessorsStarted
HalCalibratePerformanceCounter
HalProcessorIdle
HalSystemVectorDispatchEntry
HalGetBusDataByOffset
HalSetTimeIncrement
HalAllocateCommonBuffer
HalFreeCommonBuffer
KdD3Transition
KdReceivePacket
KdDebuggerInitialize0
KdRestore
KdSave
KdD0Transition
KdSendPacket
KdDebuggerInitialize1
PshedFinalizeErrorRecord
PshedClearErrorRecord
PshedDisableErrorSource
PshedAttemptErrorRecovery
PshedFreeMemory
PshedGetInjectionCapabilities
PshedReadErrorRecord
PshedInjectError
PshedIsSystemWheaEnabled
PshedGetAllErrorSources
PshedAllocateMemory
PshedInitialize
PshedBugCheckSystem
PshedSetErrorSourceInfo
PshedGetBootErrorPacket
PshedWriteErrorRecord
PshedEnableErrorSource
PE exports
Number of PE resources by type
RT_BITMAP 7
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion
6.1

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
10240

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
786944

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2010:11:20 09:42:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ntkrpamp.exe

FileAccessDate
2014:04:28 20:59:03+01:00

ProductVersion
6.1.7601.17514

FileDescription
NT Kernel & System

OSVersion
6.1

FileCreateDate
2014:04:28 20:59:03+01:00

OriginalFilename
ntkrpamp.exe

Subsystem
Native

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
3431936

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

EntryPoint
0x11f4d8

ObjectFileType
Executable application

File identification
MD5 51bafd4ed7efaed91f7e54d576e48921
SHA1 aa4a07d4a866ab4fe0c2ee05285d3d2e66a7b2b2
SHA256 a9b7a8c65da08f88953cf412b167f11f8a120dfbece9c7d37fe24bbaf74dc32e
ssdeep
98304:RbiEkmnft4PdpR2j50Aj4Ouenmur2uuh0akWy:R6mnft4FpR2j50AjKem/uuh0l

imphash d73106b4d443d73bdf3120baad69a700
File size 3.8 MB (3966848 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win64 Executable (generic) (38.6%)
Windows Screen Saver (18.3%)
OS/2 Executable (generic) (16.1%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.3%)
Tags
peexe native

VirusTotal metadata
First submission 2013-08-10 13:42:51 UTC (5 years, 7 months ago)
Last submission 2014-04-28 19:58:19 UTC (4 years, 10 months ago)
File names ntkrnlpx.exe
ntkrnlpx_old.exe
ntkrpamp.exe