pokemongotool.exe

The executable pokemongotool.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes. The file has been seen being downloaded from www.file-upload.net.
Version:
0.0.0.0

MD5:
c9a54403244196793fdced4137d57e2f

SHA-1:
2d1d48bd40ce13ed4c8d542d9358e66ae32e3d4d

SHA-256:
807adb34c124bf7796c15a5a5c8fbb338a4abc49cc33c9a6f9aac2e8dfd2593c

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
11/23/2024 3:18:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.71914
182

AegisLab AV Signature
Troj.Spy.MSIL.KeyLogger.lw1O
2.1.4+

Avira AntiVirus
TR/Dropper.Gen
8.3.3.4

Arcabit
Trojan.Kazy.D118EA
1.0.0.741

avast!
MSIL:GenMalicious-AHQ [Trj]
2014.9-160805

AVG
PSW.ILSpy
2017.0.2660

Baidu Antivirus
MSIL.Trojan.Injector
4.0.3.1685

Bitdefender
Gen:Variant.Kazy.71914
1.0.20.1090

Emsisoft Anti-Malware
Gen:Variant.Kazy.71914
8.16.08.05.01

ESET NOD32
MSIL/Injector.YN (variant)
10.13874

Fortinet FortiGate
MSIL/Injector.PE!tr
8/5/2016

F-Prot
W32/MSIL_Troj.CD.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Kazy.71914
11.2016-05-08_6

G Data
Gen:Variant.Kazy.71914
16.8.25

IKARUS anti.virus
Trojan.Agent
t3scan.2.1.6.0

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-203

Microsoft Security Essentials
VirTool:MSIL/Obfuscator.BK
1.1.12902.0

MicroWorld eScan
Gen:Variant.Kazy.71914
17.0.0.654

Qihoo 360 Security
QVM03.0.Malware.Gen
1.0.0.1120

Quick Heal
VirTool.Obfuscator.AM5
8.16.14.00

Sophos
Troj/MSIL-ECK
4.98

File size:
296 KB (303,104 bytes)

Product version:
0.0.0.0

Original file name:
czono1ed.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pokemongotool.exe

File PE Metadata
Compilation timestamp:
7/28/2016 9:03:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:G9SVNB+ruaa933TlFUK+bTsRuG6S8XcR44f56NEF:GWB+yUKraXXcZ

Entry address:
0x4788E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
280 KB (286,720 bytes)

The file pokemongotool.exe has been seen being distributed by the following URL.

Remove pokemongotool.exe - Powered by Reason Core Security