bubble dock bsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock bsetup.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory, and the file has been seen downloaded from cdn.bubbledock.es.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.630.0.58874

MD5:
cd722cceeb0b8f9ee21d67cf55923056

SHA-1:
360aa97c484234bf0fa0d693aee0075eeb8dcc11

SHA-256:
f9a9693ff465a73ce3c06c45e63a61de3df32445abec7fd4e22955f658ab20b0

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 1:57:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.BubbleDock | 2015.02.27 |
| Dr.Web | Adware.Downware.5766 | 9.0.1.05190 |
| ESET NOD32 | Win32/BubbleDock.A potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.BubbleDock | 15.2.25 |
| IKARUS anti.virus | PUA.BubbleDock | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.1915099 |
| Malwarebytes | PUP.Optional.BubbleDock.A | v2015.02.26.02 |
| NANO AntiVirus | Riskware.Win32.Agent.dhcmqv | 0.30.0.296 |
| Reason Heuristics | PUP.Installer.NOSIBAY | 15.2.26.14 |
| Sophos | PUA 'Bubble Dock' (of type Adware) | 5.10 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4791953 | 37788 |
| Zillya! Antivirus | Adware.Agent.Win32.44819 | 2.0.0.2082 |

File size:
6.2 MB (6,464,648 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock bsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:YrjIpUPkpCgZnxNIkZsERP5SvJNQpLGhcWvpwclm12Z3Luq+km9t2288pst2kfhP:AjLwXnnBrRPoNQNixwclzBku8yt1GyqK

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.9883

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file bubble dock bsetup.exe has been seen being distributed by the following URL.