home

moh.sys

Jetico BestCrypt Security system for Windows NT

Jetico Inc. Oy

Publisher:
Jetico, Inc.  (signed by Jetico Inc. Oy)

Product:
Jetico(R) BestCrypt(TM) Security system for Windows NT(TM)

Description:
BestCrypt Mouse watcher

Version:
2.01 built by: WinDDK

MD5:
04355314a4ce730e9d58deccf86cd057

SHA-1:
f71f3e45b48e7347b06c967ba90d39cc50b72590

SHA-256:
f2ef863e0279c04ea51fc6c7f01c9859ba8cea01cdd39d2f02c2bf22204d9df3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/1/2025 6:15:23 PM UTC  (today)

File size:
30.6 KB (31,352 bytes)

Product version:
2.01

Copyright:
Copyright (C) Jetico, Inc. 1993-2000

Original file name:
moh.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\drivers_2\driversxp_ia64\moh.sys

Digital Signature
Signed by:
Jetico Inc. Oy

Authority:
DigiCert Inc

Valid from:
8/28/2015 8:00:00 AM

Valid to:
8/27/2018 8:00:00 PM

Subject:
CN=Jetico Inc. Oy, O=Jetico Inc. Oy, L=Espoo, S=Uusimaa, C=FI

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
09A129FF53CCBA911A4D44EC015F21D2

File PE Metadata
Compilation timestamp:
8/12/2016 12:03:04 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:MhqIv/xA39wHZjcVTSXDZSd8LK/oknYPLS3ZsZZvDfvSDDi7FRJIlgHrRFHz:MIMXZgVOlm8+5fDDi/LrRt

Entry address:
0x6020

Entry point:
A0, E0, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00, 74, 00, 76, 00, 00, 00, 00, 00, C0, 3D, 01, 00, 00, 00, 00, 00, A0, 33, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00, 60, 28, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00, 60, 23, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00, 60, 2A, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00, 00, 27, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00, E0, 24, 01, 00, 00, 00, 00, 00, 00, A0, 21, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3351

Code size:
9.5 KB (9,728 bytes)

Scan moh.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.