File name | ntoskrnl.exe |
File type | PE32+ executable (native) x86-64, for MS Windows |
Scanner version | 1.0.210.174 |
Database version | 2025-03-13 00:00:48 UTC |
Our scanner detected no threats
Hash type | Value |
---|---|
MD5 | 69cd64e3fb9aa35a9a7525dcb9e37e51 |
SHA1 | 3c908405db496205d0ad7057dad7b7ad85dae8a9 |
SHA256 | 00bddcb825d2bbc566c6ffd80b5d41db1c49dba3f6dae68b3dc66676040a5bd3 |
SHA512 | a6b712a82f2e2d2f65a6ec3c2ff31488a17c4f6cb8056b66052c3befa45bd6d998829ae8b6c7445a4ea914859f474ad12d3326ce507badb3c05e88fee6255d0e |
ImpHash | e0e869bbd92f59b58e146ba81eee3f6d |
Image base | 0x140000000 |
Entry point | 0x140993010 |
Compile time | 2023-09-26 06:53:33 |
Checksum | 0x00a6c1a4 (actual: 0x00a6c1a4) |
OS version | 10.0 |
PEiD signature | PE32+ executable (native) x86-64, for MS Windows |
PDB path | ntkrnlmp.pdb |
Digital signature | OK |
Imports | 17 libraries |
Exports | 3093 functions |
Resources | 10 resources |
Sections | 33 sections |
CompanyName | Microsoft Corporation |
FileDescription | NT Kernel & System |
FileVersion | 10.0.19041.5486 (WinBuild.160101.0800) |
InternalName | ntkrnlmp.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | ntkrnlmp.exe |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.19041.5486 |
Translation | 0x0409 0x04b0 |
Name | Virtual address | Virtual size | Raw size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.rdata | 0x00001000 | 819,872 bytes | 820,224 bytes | 5.88 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ | 2D53922B7D20EE461FF1F3560A13A917 |
.pdata | 0x000ca000 | 424,416 bytes | 424,448 bytes | 6.54 (compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ | DD830BDC22FBC741FA8A4C1298A3B0B4 |
.idata | 0x00132000 | 8,386 bytes | 8,704 bytes | 4.76 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ | 4F14B29BEB7F0E2E44288AE25925C434 |
.edata | 0x00135000 | 101,758 bytes | 101,888 bytes | 6.03 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | CFBD95741A52C890F04B5C4D71A38C93 |
PROTDATA | 0x0014e000 | 1 bytes | 512 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ | BF619EAC0CDF3F68D496EA9344137E8B |
GFIDS | 0x0014f000 | 35,912 bytes | 36,352 bytes | 5.41 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 4CF1A4C679D771E4AAC9784B1ACFE5B4 |
Pad1 | 0x00158000 | 688,128 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.text | 0x00200000 | 3,985,769 bytes | 3,985,920 bytes | 6.54 (compressed) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 033B8D3DA648D0C2FB00308927E7F1C5 |
PAGE | 0x005ce000 | 3,951,350 bytes | 3,951,616 bytes | 6.50 (compressed) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | FD5D9618C60137458BDF8086BE83A4B8 |
PAGELK | 0x00993000 | 151,300 bytes | 151,552 bytes | 6.54 (compressed) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | BD28331E179C6E1DBDB23A568C5406E3 |
POOLCODE | 0x009b8000 | 1,163 bytes | 1,536 bytes | 5.14 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 74B3E29376397AE907C3BDF6F820162B |
PAGEKD | 0x009b9000 | 23,442 bytes | 23,552 bytes | 6.49 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0443949D764DBF79F3074A1A80FD64F3 |
PAGEVRFY | 0x009bf000 | 205,068 bytes | 205,312 bytes | 6.41 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 2F30ACABC0780D7F62E41C1840856537 |
PAGEHDLS | 0x009f2000 | 9,686 bytes | 9,728 bytes | 6.28 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | EDC12BB904154D84D41258C01A636F5C |
PAGEBGFX | 0x009f5000 | 27,098 bytes | 27,136 bytes | 6.55 (compressed) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 2112A49F6A6B9573A7244A28155200BF |
INITKDBG | 0x009fc000 | 103,866 bytes | 103,936 bytes | 6.29 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 132BD1321C2B98EBE6700F947897A7A6 |
TRACESUP | 0x00a16000 | 5,979 bytes | 6,144 bytes | 6.21 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 002161DB8C7DC616649D23962904457A |
KVASCODE | 0x00a18000 | 9,259 bytes | 9,728 bytes | 5.40 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | DA23309E877325ECCD06C9125449A019 |
RETPOL | 0x00a1b000 | 1,824 bytes | 2,048 bytes | 4.64 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7476413DAD08097E4708671966C48AAB |
MINIEX | 0x00a1c000 | 9,646 bytes | 9,728 bytes | 5.93 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 43C06F6F07DD23927B5695F4BEA561D9 |
INIT | 0x00a1f000 | 567,080 bytes | 567,296 bytes | 6.40 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 085E8C34299565E7FCFF52307725C0C4 |
Pad2 | 0x00aaa000 | 1,400,832 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.data | 0x00c00000 | 1,025,424 bytes | 77,824 bytes | 1.29 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 25E228245701E54552550DE892A9B867 |
ALMOSTRO | 0x00cfb000 | 160,480 bytes | 5,120 bytes | 2.83 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 56E686C96781267783E1DDA6D4A48D5E |
CACHEALI | 0x00d23000 | 37,568 bytes | 512 bytes | 0.16 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8F35CB33CC79A0D5EB136F8B15785BD3 |
PAGEDATA | 0x00d2d000 | 83,472 bytes | 6,144 bytes | 2.17 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | D2BC23BD5C237CE20596DBC644750FA5 |
PAGEVRFD | 0x00d42000 | 89,344 bytes | 32,768 bytes | 2.89 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | B4CA172CBF0A41540A3B5A9ECAFE6B87 |
INITDATA | 0x00d58000 | 113,732 bytes | 2,048 bytes | 2.38 (normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 25C7D86DC11AF4943C51BCD20760CFC3 |
Pad3 | 0x00d74000 | 573,440 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
CFGRO | 0x00e00000 | 7,368 bytes | 7,680 bytes | 0.11 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | E633F078657052BF3AFA259CD4304E52 |
Pad4 | 0x00e02000 | 2,088,960 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
.rsrc | 0x01000000 | 241,720 bytes | 242,176 bytes | 2.19 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 16DC94E4858FAE510C8F251E45B9F1B4 |
.reloc | 0x0103c000 | 40,032 bytes | 40,448 bytes | 5.83 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0296118517D50B84F5F1CCDA09899613 |
5 sections with high entropy (≥6.5) detected - possibly compressed
Resource type | Count | Total size | Percentage |
---|---|---|---|
RT_BITMAP | 7 | 190,520 bytes | |
RT_RCDATA | 1 | 32,312 bytes | |
RT_MESSAGETABLE | 1 | 17,320 bytes | |
RT_VERSION | 1 | 924 bytes | |
Product | Microsoft® Windows® Operating System |
Description | NT Kernel & System |
File version | 10.0.19041.5486 (WinBuild.160101.0800) |
Original name | ntkrnlmp.exe |
Signing date | 05:01 AM 01/23/2025 (234 days ago) |
Verification status | Signed |
Signers | Microsoft Windows; Microsoft Windows Production PCA 2011; Microsoft Root Certificate Authority 2010 |
Countersigners | Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010 |
Internal name | ntkrnlmp.exe |
Copyright | © Microsoft Corporation. All rights reserved. |
33 00 00 04 A7 04 3E E4 22 C8 34 FA FC 00 00 00 00 04 A7
61 07 76 56 00 00 00 00 00 08
33 00 00 01 F9 1F 67 8D 75 AB A4 F1 B1 00 01 00 00 01 F9
33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15
✓ This file is digitally signed and the certificate chain has been verified.
OK