Gridinsoft Logo
File Icon

The mocha.dll File Analysis

Updated 2 months ago
Checked by Malware Check
mocha.dll

Technical Analysis

File Name mocha.dll
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.227.174
Database Version 2025-10-18 02:00:20 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
90,175,144
File Size (bytes)
2025-10-18
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
cebe88178002d24aabd1933b5f6ecb46
SHA1
7771cd11fbb41a32fdf3f9f04a2eebe6d72f46b3
SHA256
050db4d4fc76bb539293529019fb3818a5918c45934db7ef1cfdff7764981456
SHA512
ccd0b46c3fa7461740127976b71d1f83ff3792bc444016159f8fec96494bec2daf54ba5555560d2e8347783696406fca53f2a5357e55ae110c5dcfcc1c9da198
ImpHash
890bfbe55e2262cd2785c2f46dce1c4b

PE Analysis

Basic Information

Icon
Hash: bad6280c9bf78ac241ba132f789840b9
Fuzzy: a925b2e96d5f8e967cb627aaf6984445
dHash: 30ccaae8e0e6e430
Image Base 0x180000000
Entry Point 0x183853ab0
Compilation Time 2023-12-20 07:45:23
Checksum 0x05607252 (Actual: 0x05600530)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PDB Path E:\Jenkins\workspace\ndows-mocha-pro-all_mocha-10.0.0\MasterRelease\bin\mochaPro_plugin.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 41 libraries
Exports 159 functions
Resources 6 Resources
Sections 11 Sections

Version Information

CompanyName Boris FX
FileDescription
FileVersion 10.0.5.38
LegalCopyright Copyright (C) Boris Fx.
OriginalFilename
ProductName mochaPro_plugin.dll
ProductVersion 10.0.5.38
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 62,776,524 bytes 62,776,832 bytes 6.68 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 892B2D34BDEA0B5312F052B82D015FB4
IPPCODE 0x03be0000 1,222,013 bytes 1,222,144 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ DD35398B75A3B42506D99B776CA58E08
.rdata 0x03d0b000 20,623,920 bytes 20,624,384 bytes 6.66 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D82777D5159C73A4C12344C49963F16A
.data 0x050b7000 4,196,200 bytes 3,077,120 bytes 5.54 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4097D79BA531BE22C9A83965B1D3823E
.pdata 0x054b8000 1,763,904 bytes 1,764,352 bytes 7.15 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6E13537FF77D63F01C954CEBEAB7E3A7
IPPDATA 0x05667000 16,192 bytes 16,384 bytes 2.44 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F408E0488B39B2AF4B21A6EA07EF1298
.qtmetad 0x0566b000 239 bytes 512 bytes 3.29 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ CC0596129D7445DAC459D980ABF467D2
_RDATA 0x0566c000 42,152 bytes 42,496 bytes 6.76 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ DFFD3C53066BF973F271153018921059
.qtmimed 0x05677000 322,789 bytes 323,072 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 2D32D357AB751FFBBB513570C6EE6986
.rsrc 0x056c6000 33,916 bytes 34,304 bytes 6.40 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1860170CE99D160372660B617FD065B7
.reloc 0x056cf000 283,160 bytes 283,648 bytes 5.52 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 99FA9BB5956B5893F6E1E50516FB88C1
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

4 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 6 (33,504 bytes)
Resource Type Count Total Size Percentage
RT_ICON 4 32,826 bytes
98%
RT_GROUP_ICON 1 62 bytes
0.2%
RT_VERSION 1 616 bytes
1.8%

Certificate Chain Analysis

Certificate Information
Product mochaPro_plugin.dll
File Version 10.0.5.38
Signing Date 07:48 AM 12/20/2023 (751 days ago)
Verification Status The digital signature of the object did not verify.
Signers Artel Software Inc; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4
Counter Signers Symantec SHA256 TimeStamping Signer - G3; Symantec SHA256 TimeStamping CA; VeriSign Universal Root Certification Authority
Copyright Copyright (C) Boris Fx.
Certificate Chain Summary
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #1 Primary
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
Artel Software Inc #2 Chain
Validity Period: 2023-08-23 00:00:00 → 2024-08-21 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 02 97 02 3A 99 65 06 65 9D 24 28 D9 19 44 9F 95
Symantec SHA256 TimeStamping CA #3 Chain
Validity Period: 2016-01-12 00:00:00 → 2031-01-11 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
Symantec SHA256 TimeStamping Signer - G3 #4 Chain
Validity Period: 2017-12-23 00:00:00 → 2029-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 7B D4 E5 AF BA CC 07 3F A1 01 23 04 22 41 4D 12

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware