airc52e.exe

Bubble Dock

NOSIBAY

The application airc52e.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer and is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.chironexfleckeriolive.com and multiple other hosts.

Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.641.0.60224

MD5:
b18c1c4ba1a7c5710be9b52cca20125d

SHA-1:
95bfe621987d780f55e33af6ddeb2e70005594b8

SHA-256:
ec210987c408b9d3eaced5d904d4626532ede78af7bda4e0d0389a3618231751

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 5:52:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.BubbleDock | 2014.08.27 |
| AVG | Generic | 2015.0.3363 |
| Dr.Web | Adware.Downware.5766 | 9.0.1.0245 |
| ESET NOD32 | Win32/BubbleDock | 8.10321 |
| Malwarebytes | PUP.Optional.BubbleDock.A | v2014.09.02.03 |
| McAfee | Artemis!B18C1C4BA1A7 | 5600.7019 |
| Reason Heuristics | PUP.Installer.NOSIBAY.H | 14.9.2.15 |
| Sophos | Bubble Dock | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32582 |

File size:
364.1 KB (372,864 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\airc52e.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/21/2013 1:00:00 AM

Valid to:
11/20/2014 11:59:59 PM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4F1CA396B891ED381AFEECC074DB8714

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ms3B3ri0RfDR9/0dZWLMb0Xudr3DV4w/xC03tpHzabZCs:zTBj/02kdr3DrZCotpTaFCs

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.0818

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file airc52e.exe has been seen being distributed by the following 2 URLs.
