home

ramirr.sys

RemotelyAnywhere

3am Labs, Inc.

It runs as a Windows kernel mode device driver named “ramirr”.
Publisher:
3am Labs, Inc.  (signed and verified)

Product:
RemotelyAnywhere

Description:
RemotelyAnywhere Mirror Miniport Driver

Version:
5.34.436

MD5:
d0685a95947056db2af42f6e3cdcdde1

SHA-1:
1a4f39b6cce3ef51580af6b8d07d09d90f066c4c

SHA-256:
caac2bb9b9d2c60e46f17118637f1261ef17d58217f5682df6c6f6dc8e1213f1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 5:04:43 PM UTC  (today)

File size:
7.3 KB (7,424 bytes)

Product version:
5.34.436

Copyright:
Copyright © 1998-2004 3am Labs, Inc. All rights reserved.

Original file name:
ramirr.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ramirr.sys

Digital Signature
Signed by:
3am Labs, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
10/7/2004 10:06:28 PM

Valid to:
10/7/2005 10:06:28 PM

Subject:
CN="3am Labs, Inc.", OU=Secure Application Development, O="3am Labs, Inc.", L=Woburn, S=Massachusetts, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
3EAC5F

File PE Metadata
Compilation timestamp:
8/18/2004 11:14:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.0

Entry address:
0x33A

Entry point:
55, 8B, EC, 83, EC, 50, 6A, 50, 8D, 45, B0, 50, FF, 15, 00, 04, 01, 00, 33, C0, 50, 89, 45, F0, 89, 45, F4, 89, 45, C8, 89, 45, B4, 8D, 45, B0, 50, FF, 75, 0C, C7, 45, B0, 50, 00, 00, 00, FF, 75, 08, C7, 45, B8, 1A, 03, 01, 00, C7, 45, BC, 06, 03, 01, 00, C7, 45, C4, 20, 03, 01, 00, C7, 45, D0, 00, 03, 01, 00, C7, 45, C0, 06, 03, 01, 00, C7, 45, E0, 0C, 03, 01, 00, C7, 45, DC, 0C, 03, 01, 00, C7, 45, E4, 12, 03, 01, 00, FF, 15, 04, 04, 01, 00, C9, C2, 08, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3754

Developed / compiled with:
Microsoft Visual C++

Code size:
384 Bytes (384 bytes)

Driver
Display name:
ramirr

Type:
Kernel device driver (KernelDriver)

Group:
Video


Scan ramirr.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.