61599.bubble_dock.bbd023.no.exe

Bubble Dock

NOSIBAY

The application 61599.bubble_dock.bbd023.no.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cdn.bubbledock.co.uk and multiple other hosts.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.673.0.61599

MD5:
2032937bc62cf5660480f4b1b3fe4da4

SHA-1:
b30e5f8456bd4054a784765ae392376efc932c64

SHA-256:
be2ead8f50dabd991a9cb4202cca5cb9a9cca59331d706ae92fda81e4b7d5d60

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 8:29:20 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.BubbleDock | 2014.10.26
Baidu Antivirus | PUA.Win32.BubbleDock | 4.0.3.141026
ESET NOD32 | Win32/BubbleDock | 8.10620
IKARUS anti.virus | PUA.BubbleDock | t3scan.1.7.8.0
Malwarebytes | PUP.Optional.BubbleDock.A | v2014.10.26.03
McAfee | Artemis!2032937BC62C | 5600.6965
Reason Heuristics | PUP.Installer.NOSIBAY.Y | 14.10.26.15
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | BubbleDock | 34232

File size:
6.6 MB (6,910,576 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\61599.bubble_dock.bbd023.no.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/25/2014 2:00:00 AM

Valid to:
12/26/2015 12:59:59 AM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52E368957AD1C7202A103C7CFD7BD6C2

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:jrqdzMy1vQW6T1UmX8/xy3owes/Vl+Upk25vSc2ywcRLeAbFcI71LohSDfIqcPMA:HSzZISmsA4w/ldSZc8sF57pnXIOo

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 61599.bubble_dock.bbd023.no.exe has been seen being distributed by the following 2 URLs.

http://cdn.bubbledock.co.uk/setup/gb/.../61599.Bubble_Dock.BBD023.no.exe
