bubble dock upsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock upsetup.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been downloaded from cdn.bubbledock.it and multiple other hosts.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.629.0.58041

MD5:
515c2435ff6b0f437a163eb3a69a58aa

SHA-1:
ba86f0521d05ed1d88d26dc006a26b524d678c30

SHA-256:
7ab3636460e8cc3e5239bdc4fa60fbcbb40bc565a027932a50ed9cd721b716d4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 1:25:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Reason Heuristics | PUP.NOSIBAY.Installer (M) | 16.1.9.14 |
| Trend Micro House Call | TROJ_GEN.F47V0418 | 7.2.9 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.22.2 |

File size:
449.6 KB (460,384 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock upsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ge34wB3ri0RfDR9/0dZWLMb0Xudr3586YHey2ZYc6x/LAz/M0JyLj:5TBj/02kdr35rYz2M/k/MayX

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file bubble dock upsetup.exe has been seen being distributed by the following 2 URLs.
