Reason Labs

ntdll.dll

NT Layer DLL

Microsoft Corporation

NTDLL is a library that exports the undocumented Native Windows API, which user-mode components of the operating system use to implement many of the kernel APIs exported by the kernel32 library. It is included with the Windows 7 OS. The file has been seen being downloaded from es.originaldll.com.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
NT Layer DLL

 
Part of the Windows 7 Operating System

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
e73b0f1819602cb6ef176fb78d76a47b

SHA-1:
3a2bae6036ff2d23309a7b93ab562494c50df236

SHA-256:
54b000d3cafe32aa7541437f6aa0950ee0a23624ecb6b3d07855e5c0f1f9e77d

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2019 9:53:56 AM UTC

File size:
1.2 MB (1,292,080 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ntdll.dll.mui

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\syswow64\ntdll.dll

Digital Signature
Authority:
Microsoft Corporation

Valid from:
2/14/2011 4:11:44 PM

Valid to:
5/14/2012 5:11:44 PM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61030556000000000010

File PE Metadata
Compilation timestamp:
11/17/2011 12:28:47 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:+2I3PYoRHNMWnzmMrVT4K43cx51rlXWT3Nl66a4AgREdH:+X/YoRHNMWnzHuxcxdXWrO4AgREdH

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.1910

Code size:
855 KB (875,520 bytes)

The file ntdll.dll has been seen being distributed by the following URL.

There are numerous known variations of ntdll.dll by Microsoft Corporation.

Clean
ntdll.dll  6.1.7600.16385 (win7_rtm.090713-1255)  (44105dac0a891b201993ed61e9493b83a748b87a)

Clean
ntdll.dll  10.0.15058.0 (WinBuild.160101.0800)  (4c4c7cc1685a9847b2318f547c929e0db869ca8b)

Clean
ntdll.dll  10.0.15055.0 (WinBuild.160101.0800)  (4a7f19a4e591d474b84ec6504b4ca25799d68d5e)

Clean
ntdll.dll  10.0.15055.0 (WinBuild.160101.0800)  (64cc177b3be767805cfcdcef944b8aae8611ef22)

Clean
ntdll.dll  10.0.15048.0 (WinBuild.160101.0800)  (ae496ddc6e0524dfb4f99aec41c5c5a856fc5e2a)

Clean
ntdll.dll  10.0.15046.0 (WinBuild.160101.0800)  (60e4c9fe12979847cb3b07e85f9b21a56a279feb)

Clean
ntdll.dll  10.0.15046.0 (WinBuild.160101.0800)  (09cfcda711af7ee6afed8636d5a817c750de8dce)

Clean
ntdll.dll  10.0.15046.0 (WinBuild.160101.0800)  (cbee1f57b02fba1c733a7ab85ed46f811c5797b1)

Clean
ntdll.dll  10.0.15042.0 (rs2_release.170219-2329)  (ce441368a2c38b9ca1bba451a28f38ecd5f2289a)

Clean
ntdll.dll  10.0.15042.0 (rs2_release.170219-2329)  (711ede712cdc295567f18d7deee193a17fd609c5)

Clean
ntdll.dll  10.0.15031.0 (rs2_release.170204-1546)  (a163e40c0364f7c00ddc58aa31eb2f5bf6d48c91)

Clean
ntdll.dll  10.0.15031.0 (rs2_release.170204-1546)  (ab50faa142d4c521a6fc1bd6d8bac32a6efc5ddb)

Clean
ntdll.dll  10.0.15025.1000 (rs_prerelease.170127-1750)  (18abcd52c1014bfac2807c491eee4954d04e6e05)

Clean
ntdll.dll  10.0.15025.1000 (rs_prerelease.170127-1750)  (6e6b6175c65f35fb5c31227ce3be4e85e5600ad8)

Clean
ntdll.dll  10.0.15019.1000 (rs_prerelease.170121-1513)  (1d335ca306d89d649d4e6eb0cb15a4b6edeb7424)
