___ocnsis.dll

Pokki

GTE Corporation

The module ___ocnsis.dll, “Pokki support library.” by GTE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
SweetLabs, Inc.  (signed by GTE Corporation)

Product:
Pokki

Description:
Pokki support library.

Version:
0.269.7.660

MD5:
8ed2037e93abbe7f418716a1059f06de

SHA-1:
06097c76ae25f5e835ea5c8b835685e528cf9c1c

SHA-256:
ffdf7e8d94582eef6597c63d706fdcf0b670d2412dd3bef0610b73e409d7a24c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 5:28:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OpenCandy (M)

Engine version:
17.3.16.13

File size:
3.6 MB (3,760,128 bytes)

Product version:
0.269.7.660

Copyright:
Copyright (C) 2010-2014 - SweetLabs, Inc

Original file name:
ocnsis.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\___ocnsis.dll

Digital Signature
Signed by:

Authority:
GTE Corporation

Valid from:
8/13/1998 7:29:00 AM

Valid to:
8/14/2018 6:59:00 AM

Subject:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Issuer:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Serial number:
01A5

File PE Metadata
Compilation timestamp:
5/29/2015 9:10:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x391000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
Entropy:
6.8331

Packer / compiler:
ASPack v1.08.04

Code size:
2.4 MB (2,505,728 bytes)
