bubble dock upsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock upsetup.exe, “Bubble Dock installer” by NOSIBAY, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been seen downloaded from cdn.bubbledock.com and multiple other hosts.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.629.0.58041

MD5:
95991b00dcd6901ff14b5881229d949b

SHA-1:
e50e83672741c2887eb7ed4002e85e94e32875f8

SHA-256:
01318f1a25dd2599e99234720bad0e2f5a379f7fa64b4ee216f034fae74468d9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 12:44:02 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.NOSIBAY.T | 14.2.21.9
Trend Micro House Call | TROJ_GEN.F47V0418 | 7.2.10
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.22.2

File size:
688.6 KB (705,088 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock upsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:hTBj/02kdr35pYz2M/k/MayCWL/io0bUNKH56Hc+Gs8ooNw:JBjM2kdrJkWFyCWLFURHns8ox

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file bubble dock upsetup.exe has been seen distributed from the following 4 URLs.

http://cdn.bubbledock.com/dld/update/2013_05_13/.../Bubble Dock AddonsUI.exe
