mokiar.exe

Microsoft x

The executable mokiar.exe has been detected as malware by 27 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Product:
Microsoft x

Description:
x

Version:
1, 0, 0, 1

MD5:
fe3289244d90f0ed4fcb45b5a1ad532a

SHA-1:
df70ab1409463e6912ab44d15ca787147441f244

SHA-256:
a4a453ea9da7e165fc02e0e26768429129fbc0de286e19c3498fcf6ab9e54ba1

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/27/2024 1:20:23 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Agent.BFSE | 856
Agnitum Outpost | Trojan.Kryptik | 7.1.1
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.10.02
Avira AntiVirus | TR/Crypt.XPACK.Gen2 | 7.11.30.172
avast! | Win32:Dropper-gen [Drp] | 140929-0
AVG | Trojan horse Crypt3.ASEZ | 2014.0.4025
Bitdefender | Trojan.Agent.BFSE | 1.0.20.1375
Bkav FE | W32.HfsAutoA | 1.3.0.4959
Comodo Security | TrojWare.Win32.Ransom.Blocker.FVE | 19737
Emsisoft Anti-Malware | Trojan.Agent.BFSE | 8.14.10.02.04
ESET NOD32 | Win32/Kryptik.CMKT (variant) | 8.10498
Fortinet FortiGate | W32/Yakes.GAKM!tr | 10/2/2014
F-Prot | W32/A-127a8eb0 | v6.4.7.1.166
F-Secure | Trojan.Agent.BFSE | 11.2014-02-10_5
G Data | Trojan.Agent.BFSE | 14.10.24
K7 AntiVirus | Trojan | 13.183.13611
Kaspersky | Trojan-Ransom.Win32.Blocker | 15.0.0.494
Malwarebytes | Trojan.Agent | v2014.10.02.04
McAfee | PWSZbot-FADF!0E854E82CCF7 | 5600.6984
Microsoft Security Essentials | Threat.Undefined | 1.185.2523.0
MicroWorld eScan | Trojan.Agent.BFSE | 15.0.0.825
nProtect | Trojan.Agent.BFSE | 14.10.07.01
Panda Antivirus | Trj/Genetic.gen | 14.10.08.12
Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.8.0
Sophos | Mal/EncPk-AMO | 4.98
Total Defense | Win32/Zbot.IMWMRFC | 37.0.11214
VIPRE Antivirus | Threat.4371328 | 33120

File size:
295.9 KB (303,009 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
FnboAPMm GAPGTsUVyuv

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\baunwufa\mokiar.exe

File PE Metadata
Compilation timestamp:
9/30/2014 8:33:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ufB++UXgqClGNJxjbGAEZZ6ZwGS983e5+nCOl3WtOD74:ufygqCGDaZZ6ZI98GZ074

Entry address:
0xCB1A

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 13, 40, 00, 68, 10, CD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 28, 11, 40, 00, 59, 83, 0D, C8, 6F, 5C, 00, FF, 83, 0D, CC, 6F, 5C, 00, FF, FF, 15, 2C, 11, 40, 00, 8B, 0D, C4, 6F, 5C, 00, 89, 08, FF, 15, 30, 11, 40, 00, 8B, 0D, C0, 6F, 5C, 00, 89, 08, A1, 34, 11, 40, 00, 8B, 00, A3, D0, 6F, 5C, 00, E8, 28, 01, 00, 00, 39, 1D, A0, FF, 40, 00, 75, 0C, 68, AE, CC, 40, 00, FF, 15, 38, 11...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
56 KB (57,344 bytes)

Scheduled Task
Task name:
Security Center Update - 1748229141

Trigger:
Daily (Runs daily at 11:00)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to mrs02s05-in-f15.1e100.net  (173.194.35.111:443)
