BambooCore.exe

BambooCore

Wacom Europe GmbH

The executable BambooCore.exe, “BambooDock back-end application”, has been detected as malware by 3 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BambooCore’.

Publisher:
Wacom Europe GmbH  (signed and verified)

Product:
BambooCore

Description:
BambooDock back-end application

Version:
2.0.1.1

MD5:
fbcba21b27ffbdf0ce460b008afc8b6f

SHA-1:
69317577bd68355a5b43f5047b44539cd47c1e9d

SHA-256:
f4215c3b25b00a9233e0abd6bc58387fa891173241770a00e35203e2d3d01df6

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/24/2024 2:36:59 PM UTC

Scan engine    Detection               Engine version
ESET NOD32     Win32/Floxif.H virus    6.3.12010.0
F-Prot         W32/Floxif.B            4.6.5.141
F-Secure       Win32.Floxif.A          5.15.154

File size:
671.6 KB (687,703 bytes)

Product version:
2.01.1

Copyright:
Copyright (C) 2009 Wacom Europe GmbH

Original file name:
BambooCore.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\bamboo dock\bamboocore.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/10/2009 5:00:00 PM

Valid to:
9/11/2010 4:59:59 PM

Subject:
CN=Wacom Europe GmbH, OU="WACOM CO., LTD.", O=Wacom Europe GmbH, L=Krefeld, S=NRW, C=DE

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5F9D8073F85F5F523CC43C49019FFD5C

File PE Metadata
Compilation timestamp:
6/24/2010 9:55:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x21CD1

Entry point:
E9, D9, FC, 02, 00, E9, 79, FE, FF, FF, 3B, 0D, 04, A4, 47, 00, 75, 02, F3, C3, E9, 88, 88, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, 4B, 46, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, E5, 89, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, F0, 9F, 46, 00, E8, 61, 89, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B8, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 38, 8B, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51...
 

Entropy:
6.5182

Packer / compiler:
Xtreme-Protector v1.05

Code size:
405 KB (414,720 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BambooCore

Command:
C:\Program Files\bamboo dock\bamboocore.exe

