home

Pokki

Publisher Information

Pokki is a software developer located in San Diego, California in the United States*. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
VeriSign, Inc.

Valid from:
4/25/2011 8:00:00 PM

Valid to:
4/25/2012 7:59:59 PM

Subject:
CN=Pokki, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pokki, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1bcdd0bbe1c67f61e5879491ce2acb69

Scanner detections:
Malware distribution  (76% detected)

Scan engine
Details
Detections

Reason Heuristics
Win64.Generic.Pokki.Meta, Win32.Generic.Pokki.Installer.Meta, Win32.Generic.Pokki.Meta, PUP.SweetLabs.Pokki.Installer (L), PUP.SweetLabs.Pokki.Updater (L), PUP.OpenCandy (M), PUP.OPenCandy (M)
100.00%

Trend Micro House Call
TROJ_GEN.F47V0318
2.63%

Clam AntiVirus
Win.Trojan.Agent-209308
2.63%

0 / 68
pokki.exe (Pokki)  (ecb5d59fdc4db5f8d096766b4d59ed9d)

0 / 68
pokki.exe (Pokki)  (12f95a4d6c78abaf989d33741e325cf6)

1 / 68      (PUP)
___ocnsis.dll (ocnsis Dynamic Link Library by Pokki)  (6d66361ef7209bcc7934b16468f140b3)

1 / 68      (Malware)
ocdminstaller8986752383890855112.exe (Pokki Download Helper by Pokki)  (4dfee9beab693555e46f3e6e86a349a7)

0 / 68
pokki.exe (Pokki)  (2f8f49e97e14a78841a3d6aca9bcdfe4)

0 / 68
pokki.exe (Pokki)  (f09217cf1ec6427630a63256515384d2)

1 / 68      (Malware)
ocdeskband_0.dll (ocdeskband Dynamic Link Library)  (50c531d48f7f0587591c21e71ba146a5)

1 / 68      (PUP)
pokkiInstaller.exe (Pokki Installer by Pokki)  (c500120a73ff8969e39cad1b13251826)

1 / 68      (PUP)
dragonsofatlantis.exe (Dragons of Atlantis by SweetLabs, Inc)  (aaea6de4b70ba6dfc545aae66c79f59e)

0 / 68
Pokki_TweekiSetup.exe (Tweeki for Pokki by Pokki)  (fb0ee92b38f916bb5bcafc58d8ce4497)

1 / 68      (PUP)
Pokki_EdgeworldSetup.exe (Edgeworld for Pokki by Pokki)  (b31e3b349cc717a09559e658c2453721)

1 / 68      (Malware)
ocexdll.dll (Pokki Explorer Hook DLL)  (3dba7bc7c0a2516e9664e5d07a495424)

1 / 68      (PUP)
Pokki_eBaySetup.exe (eBay for Pokki by Pokki)  (1368c43397fe00ebce51a6f454455f90)

1 / 68      (PUP)
Pokki_EdgeworldSetup.exe (Edgeworld for Pokki by Pokki)  (868c32e16a3c88ae38bd7be6605e2668)

1 / 68      (PUP)
Pokki_GmailSetup.exe (Gmail for Pokki by Pokki)  (e8d1ce89dbb630a0a55f93270bd42007)

1 / 68      (Malware)
ocexdll.dll (Pokki Explorer Hook DLL)  (59c23d9c24d9b0968a96f523fb1eeda0)

0 / 68
pokki.exe (Pokki)  (d01407a2b43d12454645a8b079666b48)

0 / 68
aerohook64.exe (Aero Live Preview Hook for Pokki by Pokki)  (f90b7e0069a23f1948edbb9a24c8686d)

1 / 68      (PUP)
___ocnsis64.dll (ocnsis Dynamic Link Library by Pokki)  (34ec1ac324817db5aecbb7066b87f0cc)

1 / 68      (PUP)
pokkiupdater.exe (Pokki Updater by SweetLabs,Inc)  (3d642fbb82d66b34d8779f2a03c297b9)

1 / 68      (PUP)
Pokki_The_GodfatherSetup.exe (The Godfather for Pokki by Pokki)  (606997bba6405a92f4174f49b647a06f)

0 / 68
tmpa801.exe (Pokki Download Helper by Pokki)  (81cd5521830f4d51cc52341477c23fd2)

1 / 68      (PUP)
pokki_tubbisetup-1.exe (Tubbi for Pokki by Pokki)  (d85b128033881957cbc3cbfa65436351)

0 / 68
pokki.exe (Pokki)  (ff74dd4381cab57276455d8aa5f473a3)

1 / 68      (Malware)
ocdeskband_0.dll (ocdeskband Dynamic Link Library)  (e026f0791acb78818de33118e94f10f1)

1 / 68      (PUP)
pweather-en-win.exe (pWeather for Pokki by Pokki)  (38f6acbb1d4b12f4529da0cd397a9ba1)

1 / 68      (Malware)
oct15f3.tmp.exe  (50a577c4f734ba894c4a305088a80aa4)

1 / 68      (Malware)
ocnsis.dll (ocnsis Dynamic Link Library by Pokki)  (573a44da0fb5d44088c2099831930371)

1 / 68      (PUP)
Pokki_GmailSetup.exe (Gmail for Pokki by Pokki)  (d631ba6e621ec98f174982c074d79eb7)

0 / 68
pokki.exe (Pokki)  (d41c58f340a27244151eeef55bb89dc9)

 
Latest 30 of 102 files

Downloads URLs for files signed by Pokki.

1 / 68      (Malware)
http://ec.ccm2.net/es.ccm.net/download/.../Pokki_Little_AlchemySetup-1.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_fr&type=PROGRAM&Expires=1481630567&Signature=B9vENxWAzujldU7H6dNQ4xRSMBzBmlixOIEeDxTeeDX4HZYfCKewhr4l~pnXhHhDYF3WiVCudE3mqrR2AwWrPH5UVawNC0hhNJDyIhEp48sKYKzKJuLmvGPO2hR3QEqbXLzSRqXDpun9wLAKa5zLsPnBpiKIpDcoU5~sqVVth5M_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_en&type=PROGRAM&Expires=1438124402&Signature=Q5~smueKx63hO8EXeUOic~7gfCVHgxLu85gfDpsBo0Obb480SySfYZAN-OUuo6CcuPq0KoEIq5sqxKu2lnbdUBXDt~yaLe4I7zWFMSRahw~7zVihXR9Lrzcui4xHazEBaHKiQeaVTZ5G1JvAsdBP~BNfNW0r-vEZr8rYvh0dbTQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_es&type=PROGRAM&Expires=1479054342&Signature=aAvJJ0w1WUfmPlIJS1aoYzkxdXtDkaEzjKEYWjQF0XGMd-FaOyyTcMpZiU9e6~y1ABLGm5JWYq9yyF1sB9Im4Saipxi2jdfzlVETVoKqxnfk8Lc2~AuB-d67n-n-D0HnYw3BcECfKECbNZbCKuEj1BfEvBi3WrYHI81dT0xYn~w_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (PUP)
http://cdn.pokki.com/.../Pokki_EdgeworldSetup.exe  (b31e3b349cc717a09559e658c2453721)

1 / 68      (Malware)
http://cdn.pokki.com/.../Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_es&type=PROGRAM&Expires=1461128649&Signature=KpDgZA~n6o~12eP9htiPWgH9NXaeiHhHG~WVUtwUz8ry38qPB1WrAw7Z~WYIsLovWMNRWMK4sFMHb26FO9HvzaM73zcZbwtxTDnyMYVbnsriVGuJOKwegPA4Q0Pa3ukkI9DDM00ilXRuOaK0ECY7N6Ud4BD9WLjXguk-FUGfx4I_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_fr&type=PROGRAM&Expires=1468657124&Signature=Ih0AOUUAbC~Qw-R9I1VW4jI~QHAowIV89Wuj4N8ywrEV1AEexnraaTmB~zQ-tBwECzdek18LZEh40~IA81CTKWuStg15ORWnVmSEgrtxyV~vROME34SdmNE-YWbL4FVIAhnzQhlhzE8tZd4jLHxqzKYG~gZ0kKLfRNIM1ZXFAp8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_es&type=PROGRAM&Expires=1461659114&Signature=SWabII0AofxkVbI2DT0BgKaOpo9j7~K-nZEZ3b4hZH5NJkiTqqZCDsIwGCBpxeJ7OnCcZtAw24iy9loFgOLD7i3afGb8XilP72EpcC8WUuuIUZfUHd66EG6L927jdzCFP-67Oh7~gNlZiNLCmI9LVMo5UEto~NMsQcvsDyedad8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

1 / 68      (Malware)
http://cdn.pokki.com/.../Pokki_FacebookSetup.exe  (216e211f962349bbb5480bbd0e28d370)

1 / 68      (Malware)
http://gsf-cf.softonic.com/007/1e7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3343901&instance=softonic_es&type=PROGRAM&Expires=1447380082&Signature=Bw9L1RzKCuzPGbcGyBmUvI3Pv3ypzZviPeQUQNo4esuV34QloG0-XY4Z~4bynmuISxnSfMSYJTlHuxHdT3iVptKELIl0Z6ZnIV4rK90FW1Tc9oAa1iHpCmaUZH~9-4sdevHOWQC8jzyL8K2pkzle9-Bns-vey02LQgdzpj~Evdk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Pokki_Little_AlchemySetup.exe  (ead68c2363a95e38b67c4dbec693d2ce)

The following websites host and distribute files published by Pokki.

gsf-cf.softonic.com

cdn.pokki.com

The certificates below are also signed by Pokki.

0895BFAF55A6DC53921FCDFF971124BD  (Apr 19, 2015 to May 19, 2017)

7F0C02A0B2F2B0727327296C8736183B  (Feb 27, 2012 to Apr 25, 2015)

The following publishers (by Authenticode signature organization name) are related.

Speed Low Inc.

GTE Corporation

* Note, the details and description above are based on the code signing digital signature issued to Pokki by VeriSign, Inc. on April 25, 2011 with the serial number '1bcdd0bbe1c67f61e5879491ce2acb69'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.