» pokemongotool.exe
Overview
Analysis
File Details
Downloads (1)

pokemongotool.exe

The executable pokemongotool.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes. The file has been seen being downloaded from www.file-upload.net.

File name:

pokemongotool.exe

Version:

0.0.0.0

MD5:

c9a54403244196793fdced4137d57e2f

SHA-1:

2d1d48bd40ce13ed4c8d542d9358e66ae32e3d4d

SHA-256:

807adb34c124bf7796c15a5a5c8fbb338a4abc49cc33c9a6f9aac2e8dfd2593c

Scanner detections:

21 / 68

Status:

Malware

Analysis date:

4/26/2024 12:22:28 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.71914

182

AegisLab AV Signature

Troj.Spy.MSIL.KeyLogger.lw1O

2.1.4+

Avira AntiVirus

TR/Dropper.Gen

8.3.3.4

Arcabit

Trojan.Kazy.D118EA

1.0.0.741

avast!

MSIL:GenMalicious-AHQ [Trj]

2014.9-160805

AVG

PSW.ILSpy

2017.0.2660

Baidu Antivirus

MSIL.Trojan.Injector

4.0.3.1685

Bitdefender

Gen:Variant.Kazy.71914

1.0.20.1090

Emsisoft Anti-Malware

Gen:Variant.Kazy.71914

8.16.08.05.01

ESET NOD32

MSIL/Injector.YN (variant)

10.13874

Fortinet FortiGate

MSIL/Injector.PE!tr

8/5/2016

F-Prot

W32/MSIL_Troj.CD.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.71914

11.2016-05-08_6

G Data

Gen:Variant.Kazy.71914

16.8.25

IKARUS anti.virus

Trojan.Agent

t3scan.2.1.6.0

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-203

Microsoft Security Essentials

VirTool:MSIL/Obfuscator.BK

1.1.12902.0

MicroWorld eScan

Gen:Variant.Kazy.71914

17.0.0.654

Qihoo 360 Security

QVM03.0.Malware.Gen

1.0.0.1120

Quick Heal

VirTool.Obfuscator.AM5

8.16.14.00

Sophos

Troj/MSIL-ECK

4.98

File size:

296 KB (303,104 bytes)

Product version:

0.0.0.0

Original file name:

czono1ed.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\pokemongotool.exe

File PE Metadata

Compilation timestamp:

7/28/2016 9:03:10 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:G9SVNB+ruaa933TlFUK+bTsRuG6S8XcR44f56NEF:GWB+yUKraXXcZ

Entry address:

0x4788E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

280 KB (286,720 bytes)

The file pokemongotool.exe has been seen being distributed by the following URL.

http://www.file-upload.net/download5.php?valid=634.27200571815&id=11803984&name=PokemonGoTool.exe

Remove pokemongotool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.