___ocnsis.dll

Pokki

GTE Corporation

The module ___ocnsis.dll, “Pokki support library.”, by GTE has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
SweetLabs, Inc.  (signed by GTE Corporation)

Product:
Pokki

Description:
Pokki support library.

Version:
0.269.7.714

MD5:
915e9b13f1dc6fcf952096da2214625f

SHA-1:
4d46441e5afa668f5f0ce0b6057c27e967359983

SHA-256:
168e325ae0ea89be5d41f138427cdb3facb5cd06e0b414b3e58fb9204f9e1b2f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 5:50:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OpenCandy (M)

Engine version:
17.2.26.23

File size:
3.8 MB (4,010,833 bytes)

Product version:
0.269.7.714

Copyright:
Copyright (C) 2010-2014 - SweetLabs, Inc

Original file name:
ocnsis.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\___ocnsis.dll

Digital Signature
Signed by:

Authority:
GTE Corporation

Valid from:
8/13/1998 7:29:00 AM

Valid to:
8/14/2018 6:59:00 AM

Subject:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Issuer:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Serial number:
01A5

File PE Metadata
Compilation timestamp:
7/25/2015 12:00:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x39E000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
 

Packer / compiler:
ASPack v1.08.04

Code size:
2.4 MB (2,555,392 bytes)
