pokemon go bot by thenatoorat.exe

Pokemon GO Bot by TheNatoorat

Wirusomania Inc.

The executable pokemon go bot by thenatoorat.exe, “Bot for Pokemon GO by TheNatoorat”, has been detected as malware by 15 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from www102.zippyshare.com.

Publisher:
Wirusomania Inc.

Product:
Pokemon GO Bot by TheNatoorat

Description:
Bot for Pokemon GO by TheNatoorat

Version:
2.1.3.7

MD5:
6f663c45a4a4e6c526e5665933c25fe1

SHA-1:
4092847687591c388371285da577d39b6db12418

SHA-256:
b61eaa58f88d1870a511da8adc18f9f2c80a82e392bc52b405ed3eca123eee3c

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
11/27/2024 5:31:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Jaik.11399 | 185 |
| Arcabit | Trojan.Jaik.D2C87 | 1.0.0.742 |
| Bitdefender | Gen:Variant.Jaik.11399 | 1.0.20.1080 |
| Emsisoft Anti-Malware | Gen:Variant.Jaik.11399 | 8.16.08.03.10 |
| Fortinet FortiGate | W32/Generic.AC.3586D8!tr | 8/3/2016 |
| F-Secure | Gen:Variant.Jaik.11399 | 11.2016-03-08_4 |
| G Data | Gen:Variant.Jaik.11399 | 16.8.25 |
| IKARUS anti.virus | Worm.Autorun | t3scan.2.1.6.0 |
| K7 AntiVirus | Riskware | 13.235.20434 |
| Kaspersky | Worm.Win32.AutoRun | 14.0.0.-192 |
| MicroWorld eScan | Gen:Variant.Jaik.11399 | 17.0.0.648 |
| NANO AntiVirus | Trojan.Win32.Ardamax.ecymer | 1.0.38.8984 |
| Qihoo 360 Security | HEUR/QVM07.1.0000.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Worm.AutoRun | 8.16.14.00 |
| Vba32 AntiVirus | Trojan.BAT.Small | 3.12.26.4 |

File size:
105 KB (107,482 bytes)

Product version:
2.1.3.7

Copyright:
2016 by TheNatoorat

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pokemon go bot by thenatoorat.exe

File PE Metadata
Compilation timestamp:
5/2/2016 10:07:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:swc+eEoqbO0fcw1awWYP+tux2Ro58znFe:IIawWWeZRoWFe

Entry address:
0x8286

Entry point:
55, 8B, EC, 6A, FF, 68, E8, E0, 40, 00, 68, BC, A5, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 58, E0, 40, 00, 33, D2, 8A, D4, 89, 15, 00, E8, F0, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, FC, E7, F0, 00, C1, E1, 08, 03, CA, 89, 0D, F8, E7, F0, 00, C1, E8, 10, A3, F4, E7, F0, 00, 33, F6, 56, E8, A3, 21, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 32, 01, 00, 00, FF, 15, 54, E0, 40, 00, A3, 64, FD, F0, 00, E8...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
52 KB (53,248 bytes)

The file pokemon go bot by thenatoorat.exe has been seen being distributed by the following URL.
