___ocnsis.dll

Pokki

GTE Corporation

The module ___ocnsis.dll, “Pokki support library.” by GTE, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
SweetLabs, Inc.  (signed by GTE Corporation)

Product:
Pokki

Description:
Pokki support library.

Version:
0.269.7.768

MD5:
a2c2749f72defd62d741df0f8a1472ff

SHA-1:
2f2394d52e6ae9723c1622251edd13587b7cc62b

SHA-256:
101736a9af91a6a0f826f2166a20ebfdadf4e9f7babc27a681ee1b96d136084a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 6:24:37 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.OpenCandy (M)

Engine version:
17.2.26.23

File size:
3.9 MB (4,040,657 bytes)

Product version:
0.269.7.768

Copyright:
Copyright (C) 2010-2014 - SweetLabs, Inc

Original file name:
ocnsis.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\___ocnsis.dll

Digital Signature
Signed by:

Authority:
GTE Corporation

Valid from:
8/13/1998 7:29:00 AM

Valid to:
8/14/2018 6:59:00 AM

Subject:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Issuer:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Serial number:
01A5

File PE Metadata
Compilation timestamp:
8/19/2015 7:02:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x3A5000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
 

Packer / compiler:
ASPack v1.08.04

Code size:
2.5 MB (2,579,456 bytes)
