60190.bubble dock addonsui.exe

Bubble Dock

NOSIBAY

The application 60190.bubble dock addonsui.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the Nullsoft Scriptable Install System (NSIS) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.bubbledock.it and multiple other hosts.

Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.641.0.60190

MD5:
a54c6c4df655387aea50eff804f8a9ea

SHA-1:
a8909ba7eb718fd1020c88658143952f53997c1f

SHA-256:
4312547494622d851f19cf9f161d0a8a6bb670eeac98498f3ccbddb4eeb29bfe

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 8:33:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Malwarebytes | PUP.Optional.BubbleDock.A | v2014.02.17.12 |
| Reason Heuristics | PUP.Installer.NOSIBAY.DD | 14.2.17.12 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | BubbleDock | 26550 |

File size:
607 KB (621,536 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\60190.bubble%20dock%20addonsui.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/21/2013 3:00:00 AM

Valid to:
11/21/2014 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4F1CA396B891ED381AFEECC074DB8714

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:qTBj/02kdr36M+4Yz2TqNyEWfXskbN2Sm:KBjM2kdrqMZNcuN2Sm

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.5554

Code size:
23.5 KB (24,064 bytes)

The file 60190.bubble dock addonsui.exe has been seen being distributed by the following 4 URLs.
