ocdeskband_0.dll

ocdeskband Dynamic Link Library

Pokki

The library ocdeskband_0.dll has been detected as malware by 3 anti-virus scanners.
Publisher:
Pokki (signed and verified)

Product:
ocdeskband Dynamic Link Library

Version:
0.247.0.277

MD5:
2320b548bc8c04fa1f9bd4236c27784d

SHA-1:
15014650ffb2b7ad90fb1c1830518b0e99135a64

SHA-256:
ef73bd4a5e0eab6eb6d8a6f743545fe538ac2aee427df3c6dd1fb7a6e8cd69ee

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/25/2024 3:05:05 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Trojan.Agent-209308 | 0.98/18155
Reason Heuristics | Win32.Generic.Pokki.Meta | 15.6.5.22
Trend Micro House Call | TROJ_GEN.F47V0318 | 7.2.157

File size:
953.8 KB (976,696 bytes)

Product version:
247

Copyright:
Copyright (C) 2010-2012 - SweetLabs, Inc

Original file name:
ocdeskband.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\pokki\ocdeskband_0.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/26/2011 1:00:00 AM

Valid to:
4/26/2012 12:59:59 AM

Subject:
CN=Pokki, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pokki, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1BCDD0BBE1C67F61E5879491CE2ACB69

Registration
CLSID:
{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/30/2012 11:29:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:dPixxRBuP3CwdT1z+XctO98MLhKF3CHN8u9SclzlmiHCAX4B3/XTsGn3:lixpuPRdT1zNO99sFyt8u9S0BCAIxTt3

Entry address:
0x3559D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 66, 9F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 4F, 65, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 00, 9C, 0D, 10, 74, 12, 8B, 0D, 18, 9B, 0D, 10, 85, 48, 70, 75, 07, E8, 71, 40, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 08, A3, 0D, 10, 74, 16, 8B, 46, 08, 8B, 0D, 18, 9B, 0D, 10, 85, 48, 70, 75, 08, E8, AF...
 

Entropy:
6.7688

Code size:
742 KB (759,808 bytes)
