62042.bubble_dock.bbd023.no.exe

Bubble Dock

NOSIBAY

The application 62042.bubble_dock.bbd023.no.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.bubbledock.net.

Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.688.0.62042

MD5:
dce50ab19831fd682f1bca06196cb417

SHA-1:
669922a7e8cc37e8f582ab2c4f9db781ede5d7c2

SHA-256:
40ac537ec7854dcf38c6b383dd6437dfb0ba8f07546992d30b88f3d1ff066204

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 7:15:45 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.BubbleDock | 2014.12.06 |
| Baidu Antivirus | PUA.Win32.BubbleDock | 4.0.3.14126 |
| Dr.Web | Adware.Downware.9155 | 9.0.1.0340 |
| ESET NOD32 | Win32/BubbleDock | 8.10833 |
| IKARUS anti.virus | PUA.BubbleDock | t3scan.1.8.5.0 |
| Malwarebytes | PUP.Optional.BubbleDock.A | v2014.12.06.01 |
| McAfee | Artemis!DCE50AB19831 | 5600.6924 |
| Reason Heuristics | PUP.Installer.NOSIBAY.Y | 14.12.6.13 |
| Trend Micro House Call | Suspici.E50E09E0 | 7.2.340 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | BubbleDock | 35454 |

File size:
6.6 MB (6,912,568 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\62042.bubble_dock.bbd023.no.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/25/2014 2:00:00 AM

Valid to:
12/26/2015 12:59:59 AM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52E368957AD1C7202A103C7CFD7BD6C2

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:4reAPnrsrfkEm9XLtYqNPYCfEnxpt+B30GKpOAqGa/sxXlfMrPPG+kkCMGxNE:ge6Ew5NDfEx7+BEGwO45R+rlCxc

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 62042.bubble_dock.bbd023.no.exe has been seen being distributed by the following URL.
