SHA256: e2fabd65e41c7dbc66ae6c191ad80dfd515b2f72f011a7a6a74019e8aa2e6ae7
File name: ntkrnlpx.exe
Detection ratio: 0 / 51
Analysis date: 2014-04-28 19:40:41 UTC (4 years, 8 months ago)
Antivirus Result Update date
Ad-Aware 20140428
AegisLab 20140428
Yandex 20140428
AhnLab-V3 20140428
AntiVir 20140428
Antiy-AVL 20140428
Avast 20140428
AVG 20140428
Baidu-International 20140428
BitDefender 20140428
Bkav 20140428
ByteHero 20140428
CAT-QuickHeal 20140428
ClamAV 20140428
CMC 20140424
Commtouch 20140428
Comodo 20140428
DrWeb 20140428
Emsisoft 20140428
ESET-NOD32 20140428
F-Prot 20140427
F-Secure 20140428
Fortinet 20140428
GData 20140428
Ikarus 20140428
Jiangmin 20140428
K7AntiVirus 20140428
K7GW 20140428
Kaspersky 20140428
Kingsoft 20140428
Malwarebytes 20140428
McAfee 20140428
McAfee-GW-Edition 20140428
Microsoft 20140428
eScan 20140428
NANO-Antivirus 20140428
Norman 20140428
nProtect 20140427
Panda 20140427
Qihoo-360 20140428
Rising 20140428
Sophos AV 20140428
SUPERAntiSpyware 20140428
Symantec 20140428
TheHacker 20140426
TotalDefense 20140428
TrendMicro 20140428
TrendMicro-HouseCall 20140428
VBA32 20140428
VIPRE 20140428
ViRobot 20140428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name ntkrpamp.exe
Internal name ntkrpamp.exe
File version 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Description NT Kernel & System
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-29 00:58:30
Entry Point 0x0011E4F0
Number of sections 22
PE sections
PE imports
VidSetScrollRegion
VidScreenToBufferBlt
VidSolidColorFill
VidCleanUp
VidInitialize
VidResetDisplay
VidBufferToScreenBlt
VidBitBlt
VidSetTextColor
VidDisplayString
CiInitialize
ClfsReadNextLogRecord
ClfsFlushToLsn
ClfsLsnDifference
ClfsTerminateReadLog
ClfsLsnContainer
ClfsReadRestartArea
ClfsAddLogContainer
ClfsReserveAndAppendLog
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsMgmtDeregisterManagedClient
ClfsPrivGetBaseLogFileFromFileObjectPointer
ClfsCloseLogFileObject
ClfsAdvanceLogBase
ClfsLsnGreater
ClfsLsnInvalid
ClfsLsnEqual
ClfsLsnLess
ClfsMgmtInstallPolicy
ClfsMgmtHandleLogFileFull
CLFS_LSN_NULL
ClfsMgmtTailAdvanceFailure
ClfsCreateMarshallingArea
ClfsReserveAndAppendLogAligned
ClfsGetLogFileInformation
ClfsDeleteMarshallingArea
CLFS_LSN_INVALID
ClfsDeleteLogByPointer
ClfsWriteRestartArea
ClfsReadLogRecord
ClfsMgmtSetLogFileSize
READ_PORT_USHORT
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KeRaiseIrqlToSynchLevel
WRITE_PORT_USHORT
HalInitializeProcessor
HalSetProfileInterval
HalStopProfileInterrupt
KfRaiseIrql
HalAllocateCrashDumpRegisters
HalQueryMaximumProcessorCount
HalInitSystem
KeAcquireQueuedSpinLockRaiseToSynch
HalEnableInterrupt
HalRegisterDynamicProcessor
KeAcquireInStackQueuedSpinLock
HalDisableInterrupt
HalInitializeOnResume
KeRaiseIrql
IoFlushAdapterBuffers
KeLowerIrql
KeFlushWriteBuffer
HalReadDmaCounter
KeReleaseQueuedSpinLock
HalRequestIpi
HalClearSoftwareInterrupt
HalTranslateBusAddress
HalGetProcessorIdByNtNumber
HalEnumerateEnvironmentVariablesEx
KeGetCurrentIrql
HalRegisterErrataCallbacks
HalAllocateAdapterChannel
KfAcquireSpinLock
HalSetEnvironmentVariable
HalGetInterruptVector
KeStallExecutionProcessor
HalStartProfileInterrupt
KeReleaseSpinLock
KeAcquireQueuedSpinLock
HalRequestSoftwareInterrupt
HalQueryEnvironmentVariableInfoEx
READ_PORT_ULONG
WRITE_PORT_UCHAR
HalSetRealTimeClock
KeTryToAcquireQueuedSpinLockRaiseToSynch
READ_PORT_UCHAR
HalGetEnvironmentVariableEx
HalReportResourceUsage
HalGetAdapter
KeAcquireSpinLock
HalRequestClockInterrupt
HalEndSystemInterrupt
KeAcquireInStackQueuedSpinLockRaiseToSynch
KeTryToAcquireQueuedSpinLock
HalStartNextProcessor
HalGetMessageRoutingInfo
HalGetEnvironmentVariable
HalStartDynamicProcessor
HalBeginSystemInterrupt
HalReturnToFirmware
HalHandleNMI
IoFreeAdapterChannel
HalGetInterruptTargetInformation
IoMapTransfer
HalSetEnvironmentVariableEx
HalGetVectorInput
HalQueryRealTimeClock
KeReleaseInStackQueuedSpinLock
WRITE_PORT_ULONG
HalInitializeBios
KfLowerIrql
HalSetBusDataByOffset
KeQueryPerformanceCounter
IoFreeMapRegisters
HalAllProcessorsStarted
HalCalibratePerformanceCounter
HalProcessorIdle
HalSystemVectorDispatchEntry
HalGetBusDataByOffset
HalSetTimeIncrement
HalAllocateCommonBuffer
HalFreeCommonBuffer
KdD3Transition
KdReceivePacket
KdDebuggerInitialize0
KdRestore
KdSave
KdD0Transition
KdSendPacket
KdDebuggerInitialize1
PshedFinalizeErrorRecord
PshedClearErrorRecord
PshedDisableErrorSource
PshedAttemptErrorRecovery
PshedFreeMemory
PshedGetInjectionCapabilities
PshedReadErrorRecord
PshedInjectError
PshedIsSystemWheaEnabled
PshedGetAllErrorSources
PshedAllocateMemory
PshedInitialize
PshedBugCheckSystem
PshedSetErrorSourceInfo
PshedGetBootErrorPacket
PshedWriteErrorRecord
PshedEnableErrorSource
PE exports
Number of PE resources by type
RT_BITMAP 7
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
UninitializedDataSize 10240
InitializedDataSize 787456
ImageVersion 6.1
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7601.18247
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription NT Kernel & System
CharacterSet Unicode
LinkerVersion 9.0
OriginalFilename ntkrpamp.exe
MIMEType application/octet-stream
Subsystem Native
FileVersion 6.1.7601.18247 (win7sp1_gdr.130828-1532)
TimeStamp 2013:08:29 01:58:30+01:00
FileType Win32 EXE
PEType PE32
InternalName ntkrpamp.exe
FileAccessDate 2014:04:28 20:40:58+01:00
ProductVersion 6.1.7601.18247
SubsystemVersion 6.1
OSVersion 6.1
FileCreateDate 2014:04:28 20:40:58+01:00
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 3433472
FileSubtype 0
ProductVersionNumber 6.1.7601.18247
EntryPoint 0x11e4f0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a02fe3ce4eefbed28eeda14d84d76f10
SHA1 e5f855296cc48150ad2ccacad8a1b8663597f802
SHA256 e2fabd65e41c7dbc66ae6c191ad80dfd515b2f72f011a7a6a74019e8aa2e6ae7
ssdeep 98304:+ZvMS2J9ln8EQp5vC4RZZDesZb+fqQUSAuK1Bn:Gv6J/nJM5K4RZRea+jWuK1Bn
imphash b39dcbd05360a7bf840c22c4dc39cad0
File size 3.8 MB ( 3969472 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win64 Executable (generic) (38.6%)
Windows Screen Saver (18.3%)
OS/2 Executable (generic) (16.1%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.3%)
Tags peexe native

VirusTotal metadata
First submission 2014-03-17 17:57:18 UTC (4 years, 10 months ago)
Last submission 2014-04-28 19:40:41 UTC (4 years, 8 months ago)
File names ntkrnlpx.exe
ntkrpamp.exe
ntkrnlpx.exe