Mama.sys

NGO

It runs as a 64-bit Windows kernel-mode device driver named “Mama generic hardware access driver”.
Publisher:
Alexander Choporov aka CoolCmd  (signed by NGO)

Description:
Mama Hardware Access Driver

Version:
4.1.2

MD5:
5cfd607f938f36f4899eca4eff53d07d

SHA-1:
da714c9ca2ba118d9c008fc6f916fee46915efed

SHA-256:
ad707f819c44d0cc0e9b2f422d68e2cdc58935a0470d7bb2f929736033b04957

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 7:08:43 PM UTC

File size:
5.9 KB (6,016 bytes)

Copyright:
© Alexander Choporov aka CoolCmd, 2008-2009

Trademarks:
Bill Gates is a registered trademark of Microsoft :)

Original file name:
Mama.sys

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\mama.sys

Digital Signature
Signed by:

Authority:
NGO

Valid from:
8/23/2009 10:05:44 PM

Valid to:
1/1/2040 9:59:59 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
19EEEB4168B22F8043BE54FC568F8D23

File PE Metadata
Compilation timestamp:
10/12/2009 6:41:04 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
96:kXkyHxi0+JK5oWOoMuLha/a1eGOgQxMEwS:jy4FIOWLMzCUGO52FS

Entry address:
0xC00

Entry point:
4C, 8B, DC, 49, 89, 5B, 08, 57, 48, 83, EC, 60, B8, 18, 00, 00, 00, BF, 22, 00, 00, 00, 4D, 8D, 43, D8, 66, 89, 44, 24, 40, B8, 1A, 00, 00, 00, 33, D2, 66, 89, 44, 24, 42, 48, 8D, 05, AE, 00, 00, 00, 44, 8B, CF, 49, 89, 43, E0, 49, 8D, 43, 18, 48, 8B, D9, 49, 89, 43, C8, C6, 44, 24, 28, 00, C7, 44, 24, 20, 00, 01, 00, 00, FF, 15, 71, F6, FF, FF, 85, C0, 78, 75, 8D, 47, FE, 48, 8D, 54, 24, 40, 48, 8D, 4C, 24, 50, 66, 89, 44, 24, 50, 48, 8D, 05, 8C, 00, 00, 00, 66, 89, 7C, 24, 52, 48, 89, 44, 24, 58, FF, 15...
Code size:
3 KB (3,072 bytes)

Driver
Display name:
Mama generic hardware access driver

Service name:
Mama

Type:
Kernel device driver (KernelDriver)
