bubble dock upsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock upsetup.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.bubbledock.com and multiple other hosts.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.629.0.58041

MD5:
11fcf59233676ff3a5704ded0799d8a3

SHA-1:
6259d76ae4a9887f1d0c0a08904c94f4614fafdb

SHA-256:
08a056dc6a99917883a10154fe56fa4517460f8228122eb8c693248002c27922

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 8:54:31 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.NOSIBAY.T | 14.2.21.9
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.22.2

File size:
791.9 KB (810,952 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock upsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iTBj/02kdr3KZYz24N/es6iatfAhy/9ArgcVJgWvz2HN/1vvg:SBjM2kdr6s/n5a5AU/96Hu/Bvg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file bubble dock upsetup.exe has been seen being distributed by the following 2 URLs.
