moony.exe

Moony

Markus Schmidt

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Moony’.

Publisher:
EmTec Innovative Software (signed by Markus Schmidt)

Product:
Moony

Version:
3.21

MD5:
b703bcd9ebd4142d3ca47af4a4b1e49a

SHA-1:
8bb7df6c3d0ba4125ee88f58f3ad891fdd4850f9

SHA-256:
cee7f1da86c3dc0a0fd70d41d97053deb733da835caacafb3a4a656517f0f9df

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/14/2025 2:29:50 AM UTC

File size:
865.4 KB (886,200 bytes)

Product version:
3.21

Copyright:
Copyright © 1998-2007

Original file name:
Moony

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
8/24/2006 2:00:00 AM

Valid to:
8/24/2008 1:59:59 AM

Subject:
CN=Markus Schmidt, OU=Secure Application Development, O=Markus Schmidt, L=Nuernberg, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5FBB297236A666C21BE7D414F8A94A3A

File PE Metadata
Compilation timestamp:
1/15/2008 2:06:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:0r1koiAeuCqadgEKRVRfJGrxc0o6M2wyk5d9ZP:UkxHjepDJMxc0o6M2wykb9ZP

Entry address:
0x6F216

Entry point:
E8, 49, 1E, 01, 00, E9, 16, FE, FF, FF, A1, 3C, AE, 4C, 00, 83, C8, 01, 33, C9, 39, 05, 6C, 5D, 4D, 00, 0F, 94, C1, 8B, C1, C3, 6A, 10, 68, 18, 5C, 4C, 00, E8, 0E, 81, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, BF, E1, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, 94, CE, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, 40, 69, 4D, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 4F, 86, 00, 00, 59, 89, 7D, FC, 53, E8, 69, 37, 00, 00...
 

Entropy:
6.6103

Code size:
600 KB (614,400 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Moony

Command:
"C:\moony\moony.exe"

