bubble dock upsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock upsetup.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.bubbledock.it and multiple other hosts.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.629.0.58041

MD5:
27242f16d33c4b90d97544ccac15f1c3

SHA-1:
c23537e96eada8ca9165752a469c8bc543417e0f

SHA-256:
541d9a49b5a6ed5ddb74a7707431daf1c577e1274007006d329d86ba5a48103b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/4/2024 4:54:18 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.NOSIBAY.T | 14.4.9.14
Trend Micro House Call | TROJ_GEN.F47V0418 | 7.2.99

File size:
449.6 KB (460,352 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock upsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Le34wB3ri0RfDR9/0dZWLMb0Xudr35qIFl/6YHey2ZYc6x/LAz/M0JyLL:eTBj/02kdr35PsYz2M/k/Mayv

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file bubble dock upsetup.exe has been seen being distributed by the following 3 URLs.
