home

winmad.sys

OpenFabrics Windows

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “WinMad Service”.
Publisher:
Mellanox  (signed by Microsoft Corporation)

Product:
OpenFabrics Windows

Description:
Kernel WinMad

Version:
4.4.13905

MD5:
a5649d67af422878ad9614768efc349d

SHA-1:
a342e611a83aa9282976f485df546a180daba55f

SHA-256:
2a5fcb24b35c38711e70a165b9bdc81c6171c5a4c9c34ab7ac87e62493f98949

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
9/8/2024 3:37:44 AM UTC  (today)

File size:
27.5 KB (28,112 bytes)

Product version:
6.3.9391.6

Copyright:
Copyright© 2009 Mellanox Technologies Ltd

Original file name:
winmad.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\winmad.sys

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
8/4/2014 11:33:34 PM

Valid to:
4/30/2015 11:33:34 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000001364C4ED9674670DA3B000000000136

File PE Metadata
Compilation timestamp:
5/9/2013 7:14:27 PM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
384:Di8smN64qz1COMHOci4UOBvoUZ6+8zVBvE975VWVLmXmoDRuQkwlCovWB:D7P6b1rYOcU8wUZ6rzVep5IIXD8AuB

Entry address:
0x30C8

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 23, 4F, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 33, ED, 48, 8B, F2, 48, 8B, F9, 48, 85, C9, 75, 0A, E8, E6, DE, FF, FF, E9, E0, 00, 00, 00, 48, 89, 0D, C2, 2D, 00, 00, 48, 8D, 05, D3, 2D, 00, 00, 48, 8D, 0D, D4, 2F, 00, 00, 48, 89, 05, D5, 2F, 00, 00, C7, 05, C3, 2F, 00, 00, 00, 00, 08, 02, FF, 15, 15...
 
[+]

Code size:
12 KB (12,288 bytes)

Driver
Display name:
WinMad Service

Service name:
WinMad

Type:
Kernel device driver (KernelDriver)

Group:
PNP Filter

Depends on:
winverbs


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.