64020.bubble_dock.bbd023.no.exe

Bubble Dock

NOSIBAY

The application 64020.bubble_dock.bbd023.no.exe, “Bubble Dock Installer” by NOSIBAY has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.bubbledock.mx.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock Installer

Version:
3.0.705.0.64020

MD5:
f6ac3807267a059d0adde5ea374d8362

SHA-1:
a631404fb19c113739591fa8de2363cb7fd4c4c0

SHA-256:
8ddee9e1cfcbb4be84faecc8666121bd39f60a3e45f9aa3ab6a3b563bf636e34

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/26/2024 9:48:46 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NOSIBAY.Installer (M)
15.12.7.4

File size:
6.6 MB (6,891,488 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\64020.bubble_dock.bbd023.no.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/25/2015 7:00:00 PM

Valid to:
1/24/2017 5:59:59 PM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5F167BED0657C4880A327813C55256A5

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:Rr2blgupnJBUyrhFI3WmGt+Z5wDl2L/VZ6pYzFM7x/IXcBEaXmNZODrDAmSMTzmb:liLbpI+tmsqYQMtXlDPz2fD

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9895

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 64020.bubble_dock.bbd023.no.exe has been seen being distributed by the following URL.

Remove 64020.bubble_dock.bbd023.no.exe - Powered by Reason Core Security