poketool.exe

The executable poketool.exe has been detected as malware by 19 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from s15.workupload.com.
Version:
0.0.0.0

MD5:
ce93d795a8246d9f80050f6905ec86c2

SHA-1:
3bb8092b93c1bd22ea2837c39c96d55dc87e60e2

SHA-256:
d544ec55c00ed628a8a70dd5c8fc469bd8a210b0fc2ce9e9aa676a1349f64e2c

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
11/16/2024 5:36:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.MSIL.8 | 182 |
| AhnLab V3 Security | Trojan/Win32.Agent.C208803 | 3.7.5.15 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4 |
| Arcabit | Trojan.MSIL.8 | 1.0.0.741 |
| avast! | MSIL:GenMalicious-IX [Trj] | 2014.9-160805 |
| AVG | PSW.ILSpy | 2017.0.2660 |
| Baidu Antivirus | MSIL.Trojan.Injector | 4.0.3.1685 |
| Bitdefender | Gen:Variant.MSIL.8 | 1.0.20.1090 |
| Emsisoft Anti-Malware | Gen:Variant.MSIL | 8.16.08.05.01 |
| ESET NOD32 | MSIL/Injector.DKR (variant) | 10.13874 |
| Fortinet FortiGate | MSIL/Injector.PE!tr | 8/5/2016 |
| F-Prot | W32/MSIL_Troj.CD.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.MSIL.8 | 11.2016-05-08_6 |
| G Data | Gen:Variant.MSIL | 16.8.25 |
| IKARUS anti.virus | Trojan.Agent | t3scan.2.1.6.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-203 |
| McAfee | PWSZbot-FACM!CE93D795A824 | 5600.6316 |
| MicroWorld eScan | Gen:Variant.MSIL.8 | 17.0.0.654 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1120 |

File size:
300 KB (307,200 bytes)

Product version:
0.0.0.0

Original file name:
2fteoqro.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\poketool.exe

File PE Metadata
Compilation timestamp:
7/28/2016 9:13:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:69e1OcWUYdImfZZJfJ9w3oJQXw4xOmS3bU0wEyq4+24:69eELLd7ZZeoJQMy0w3q4+

Entry address:
0x48BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
284 KB (290,816 bytes)

The file poketool.exe has been seen being distributed by the following URL.
