bubble dock bsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock bsetup.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.bubbledock.es.

Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.630.0.58690

MD5:
a92ebe2c00a1b6fd827329c60e64e0bc

SHA-1:
07696262b49d194299031e18e9c64a0cbd699c06

SHA-256:
f1a51ca8f1ee8a50fb7cbc23dcaf60a110031d616a5889dc97306c0bf7fddc38

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 8:28:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.BubbleDock | 2015.06.29 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | BackDoor.Tordev.832 | 9.0.1.014 |
| ESET NOD32 | Win32/BubbleDock.A potentially unwanted application | 10.7.0.302.0 |
| G Data | Win32.Application.BubbleDock | 16.1.25 |
| IKARUS anti.virus | PUA.BubbleDock | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.205.16387 |
| Malwarebytes | PUP.Optional.BubbleDock.A | v2016.01.14.01 |
| McAfee | Trojan.Artemis!971FF06C6B61 | 5600.6521 |
| NANO AntiVirus | Riskware.Win32.Agent.dhcmqv | 0.30.24.2266 |
| Reason Heuristics | PUP.NOSIBAY.Installer (M) | 16.1.14.1 |
| Sophos | PUA 'Bubble Dock' (of type Adware) | 5.15 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.4 |
| VIPRE Antivirus | Threat.4791953 | 40830 |
| Zillya! Antivirus | Adware.Agent.Win32.44819 | 2.0.0.2256 |

File size:
6.2 MB (6,454,920 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock bsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:orBwc5ygIV98x/3Exm5LjCQem6U8SeJMeFPLh2wNjrQHn1Vuo90J8POp9YDut7+W:QBD/38mcRJrR/ZEH1EPpeNJOJdh

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file bubble dock bsetup.exe has been seen being distributed by the following URL.
