» nppokkidownloadhelper.1.1.0.75.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

nppokkidownloadhelper.1.1.0.75.dll

Pokki Download Helper

Pokki

The library nppokkidownloadhelper.1.1.0.75.dll has been detected as malware by 1 anti-virus scanner. It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘pokki.com/PokkiDownloadHelper’. This file is typically installed with the program Pokki Download Helper by SweetLabs, Inc..

File name:

Publisher:

Pokki (signed and verified)

Product:

Pokki Download Helper

Version:

1.1.0.75

MD5:

13f1657a4b70b2cab6d71715fd3e5da1

SHA-1:

f0d248085806f5008e62ffbd8d63e4ecea074a36

SHA-256:

0a95d35e6f8141cacb34c5b4116ca1ef07cdf31bc13f168a042eef94391b5962

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/26/2024 11:30:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.2.5.6

File size:

754.8 KB (772,920 bytes)

Product version:

1.1.0.75

Original file name:

npPokkiDownloadHelper.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\pokki\download helper\nppokkidownloadhelper.1.1.0.75.dll

Digital Signature

Signed by:

Pokki

Authority:

VeriSign, Inc.

Valid from:

4/25/2011 8:00:00 PM

Valid to:

4/25/2012 7:59:59 PM

Subject:

CN=Pokki, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pokki, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1BCDD0BBE1C67F61E5879491CE2ACB69

File PE Metadata

Compilation timestamp:

6/22/2011 5:25:54 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:4waEDhnHEk353vbNizSWIeLxFgkYoAw4dQylWhbssG6+U/IwB2YQXME8QrH:/aMn5wDxioAw4hOG6+U/IwB2YQsw

Entry address:

0x478DF

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, D8, 90, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, 44, 13, 0B, 10, 00, 0F, 84, 04, 94, 00, 00, 83, EC, 08, 0F, AE, 5C, 24, 04, 8B, 44, 24, 04, 25, 80, 1F, 00, 00, 3D, 80, 1F, 00, 00, 75, 0F, D9, 3C, 24, 66, 8B, 04, 24, 66, 83, E0, 7F, 66, 83, F8, 7F, 8D, 64, 24, 08, 0F, 85, D3, 93, 00, 00, EB, 00, F3, 0F, 7E, 44, 24, 04, 66, 0F, 28, 15, 60, 37, 08, 10, 66... 
[+]

Entropy:

6.5916

Code size:

498 KB (509,952 bytes)

Mozilla Plugin

Name:

pokki.com/PokkiDownloadHelper

The file nppokkidownloadhelper.1.1.0.75.dll has been discovered within the following programs.

Pokki Download Helper by SweetLabs, Inc.

Publisher's description - “The Pokki platform provides users with rich HTML5 apps on their Windows desktop for the ultimate app experience on the PC. Categories of apps include games, social media, education, entertainment, music, photography and more. Pokki brings your favorite apps to your PC.”

www.pokki.com

53% remove it

Remove nppokkidownloadhelper.1.1.0.75.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.