home

pokkiInstaller.exe

Pokki Installer

GTE Corporation

The executable pokkiInstaller.exe has been detected as malware by 12 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Pokki  (signed by GTE Corporation)

Product:
Pokki Installer

Version:
0.260.9.16

MD5:
9c3244e4947d5be0366085d6cba1c8ac

SHA-1:
901e6834304b09b48d766a4d66090e9f578ee5b4

SHA-256:
4283463602b8db7add647b3a8e3c003e0616ad3cc42b471648c6b04efcf9c974

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/26/2024 7:27:52 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Gardih
160213-1

AVG
Win32/Hidrag.A
2015.0.4522

Dr.Web
Win32.HLLP.Jeefo.36352
9.0.1.05190

Emsisoft Anti-Malware
Win32.Jeefo
10.0.0.5366

ESET NOD32
Win32/Jeefo.A virus
7.0.302.0

F-Prot
W32/Jeefo.A
4.6.5.141

Kaspersky
Virus.Win32.Hidrag
15.0.0.562

McAfee
Virus.W32/Jeefo.e
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.6155.0

Norman
Win32.Jeefo.B
03.02.2016 07:38:05

Sophos
Virus 'W32/Jeefo-A'
5.23

VIPRE Antivirus
Threat.55332
47028

File size:
2.4 MB (2,539,800 bytes)

Product version:
0.260.9.16

Copyright:
Copyright (C) 2010-2012 - SweetLabs, Inc

Original file name:
pokkiInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\opencandy\4c34d7aaed3f4a6c90a6aa1f355ba24b\pokkiinstaller.exe

Digital Signature
Signed by:
GTE Corporation

Authority:
GTE Corporation

Valid from:
8/13/1998 3:29:00 AM

Valid to:
8/14/2018 2:59:00 AM

Subject:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Issuer:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Serial number:
01A5

File PE Metadata
Compilation timestamp:
8/24/2001 6:00:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.55

CTPH (ssdeep):
49152:/nbuVodkZvwpJy0/VckYJd3Xy+tT0dpnVx9NsbQQ/obo+ZoD552YT073UR:/bFQ0dckYJcmwMGq5fY3UR

Entry address:
0x11F0

Entry point:
55, 89, E5, 83, EC, 08, 83, C4, F4, 6A, 02, A1, C8, B2, 40, 00, FF, D0, E8, 79, FF, FF, FF, C9, C3, 00, 00, 00, 00, 00, 00, 00, 49, 6A, 65, 65, 66, 6F, 21, 45, 73, 62, 68, 70, 6F, 21, 77, 6A, 73, 76, 74, 2F, 21, 43, 70, 73, 6F, 21, 6A, 6F, 21, 62, 21, 75, 73, 70, 71, 6A, 64, 62, 6D, 21, 74, 78, 62, 6E, 71, 2F, 00, 5C, 00, 20, 00, 22, 00, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39, D0, 73, 08, 00, 04, 08, 40, 39, D0, 72, F8, C9, C3, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39...
 
[+]

Packer / compiler:
Video-Lan-Client

Code size:
32.5 KB (33,280 bytes)

Remove pokkiInstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.