pokemon rom downloader.exe

The application pokemon rom downloader.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from download1441.mediafire.com and multiple other hosts.
MD5:
c9d847053f43707dc2facc76ff5a788b

SHA-1:
82392e004e5d17726d0fbd9b1aba8e8168a570a0

SHA-256:
74fa2f292f9911e410234ceb67812c161a5afcdfaf2f4ea3f9d83ea2d34f132a

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/2/2024 3:31:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.T | 759 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.03 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.199.42 |
| avast! | NSIS:OutBrowse-D [PUP] | 2014.9-150106 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.1516 |
| Bitdefender | Application.Bundler.Outbrowse.T | 1.0.20.30 |
| Dr.Web | Trojan.Packed.29078 | 9.0.1.06 |
| ESET NOD32 | Win32/OutBrowse.AJ (variant) | 9.10959 |
| Fortinet FortiGate | Riskware/OutBrowse | 1/6/2015 |
| F-Secure | Application.Bundler.Outbrowse | 11.2015-06-01_3 |
| G Data | Application.Bundler.Outbrowse | 15.1.24 |
| K7 AntiVirus | Trojan | 13.1814525 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.01.06.09 |
| McAfee | RDN/Generic PUP.x!cqm | 5600.6893 |
| MicroWorld eScan | Application.Bundler.Outbrowse.T | 16.0.0.18 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.30.0.64448 |
| nProtect | Trojan-Clicker/W32.OutBrowse.726923 | 15.01.02.01 |
| Panda Antivirus | Generic Suspicious | 15.01.06.09 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.OutBrowse.r5 (Not a Virus) | 1.15.14.00 |
| Sophos | Generic PUA IC | 4.98 |
| Trend Micro House Call | TROJ_SPNR.08IN14 | 7.2.6 |
| Trend Micro | TROJ_SPNR.08IN14 | 10.465.06 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | OutBrowse | 36334 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.11790 | 2.0.0.2025 |

File size:
709.9 KB (726,923 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pokemon rom downloader.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:d9m4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLD:dU48b/qczqEVf1idYY4t7+vVCtBNluqX

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9469

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pokemon rom downloader.exe has been seen being distributed by the following 2 URLs.

Remove pokemon rom downloader.exe - Powered by Reason Core Security