___ocnsis.dll

Pokki

GTE Corporation

The module ___ocnsis.dll, “Pokki support library.” by GTE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

Publisher:
SweetLabs, Inc.  (signed by GTE Corporation)

Product:
Pokki

Description:
Pokki support library.

Version:
0.269.7.660

MD5:
0133365820ebcf48308e497b53616f37

SHA-1:
15e11a094ffa5de58ad27755130e5d2ee85b8b37

SHA-256:
7cf0ef69410db07b75091e612141bbb6ae034a36dddf69fc9fb92f51ad88235e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/16/2024 6:03:32 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.OpenCandy.Bundler.Meta (L)

Engine version:
16.2.13.3

File size:
3.6 MB (3,814,340 bytes)

Product version:
0.269.7.660

Copyright:
Copyright (C) 2010-2014 - SweetLabs, Inc

Original file name:
ocnsis.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\___ocnsis.dll

Digital Signature
Signed by:

Authority:
GTE Corporation

Valid from:
8/13/1998 3:29:00 AM

Valid to:
8/14/2018 2:59:00 AM

Subject:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Issuer:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Serial number:
01A5

File PE Metadata
Compilation timestamp:
5/29/2015 5:10:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:zdiwZy+vE2MvG02nCdifNNtsyHR4/BMiiq6B9j5w:ZLZfEs9yANNzHWo9ji

Entry address:
0x391000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, CE, B2, 01, 20, 2B, 85, 35, BA, 01, 20, 89, 85, 31, BA, 01, 20, B0, 00, 86, 85, 66, BC, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 61, BB, 01, 20, 00, 74, 33, 83, BD, 65, BB, 01, 20, 00, 74, 2A, 8B, 85, 31, BA, 01, 20, 2B, 85, 61, BB, 01, 20, 8B, 00, 89, 85, 9E, BB, 01, 20, 8B, 85, 31, BA, 01, 20, 2B, 85, 65, BB, 01, 20, 8B, 00, 89, 85, A2, BB, 01, 20, EB, 61, 83, BD, 69, BB, 01, 20, 00, 74, 58, 8B, 85, 31, BA, 01, 20, 2B, 85, 69, BB, 01, 20, FF, 30, 8D, 85...
 

Entropy:
6.8586

Packer / compiler:
ASPack v1.08.04

Code size:
2.4 MB (2,505,728 bytes)
