Bubble Dock.exe

Bubble Dock

NOSIBAY

The application Bubble Dock.exe by NOSIBAY has been detected as a potentially unwanted program by 5 anti-malware scanners. While running, it connects to the Internet address server-54-230-46-78.fra6.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Version:
3.0.641

MD5:
3ead6b3d7725a17acb34e5219c613729

SHA-1:
590585a028c53bc6ce5959a29e5dd617205872f1

SHA-256:
9748d91fa785e64f42657fc637216a2b52caa0667414065ff608dbd3981147e0

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 4:24:37 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/BubbleDock (variant)
8.9477

Reason Heuristics
PUP.NOSIBAY.L
14.3.5.0

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.14124

Trend Micro House Call
TROJ_GEN.F47V1219
7.2.26

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
4.9 MB (5,154,320 bytes)

Product version:
3.0.641

Copyright:
(c) Copyright, All reproduction and distribution rights reserved to Nosibay

Original file name:
Bubble Dock.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\nosibay\bubble dock\bubble dock.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/21/2013 2:00:00 AM

Valid to:
11/21/2014 12:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4F1CA396B891ED381AFEECC074DB8714

File PE Metadata
Compilation timestamp:
10/31/2013 5:36:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:6+o1/ZPIjKDqq7BrR2CmpgT8KxsM+7B7dfZF0P/AtImsuIMYTmdwFGHignXtSTTf:ArDaCzx6AP/AGnMYTO1ign2r

Entry address:
0x342C1C

Entry point:
6A, 60, 68, 28, 15, 82, 00, E8, 0C, 33, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 1C, C9, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, AC, C5, 7D, 00, 8B, 4E, 10, 89, 0D, 58, 5C, 89, 00, 8B, 46, 04, A3, 64, 5C, 89, 00, 8B, 56, 08, 89, 15, 68, 5C, 89, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 5C, 5C, 89, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 5C, 5C, 89, 00, C1, E0, 08, 03, C2, A3, 60, 5C, 89, 00, 33, F6, 56, 8B, 3D, D8, C4, 7D, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
3.9 MB (4,042,752 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-94-177.fra2.r.cloudfront.net  (54.230.94.177:80)

TCP (HTTP):
Connects to server-54-230-47-243.fra6.r.cloudfront.net  (54.230.47.243:80)

TCP (HTTP):
Connects to server-54-230-46-78.fra6.r.cloudfront.net  (54.230.46.78:80)

TCP (HTTP):
Connects to server-54-230-46-220.fra6.r.cloudfront.net  (54.230.46.220:80)

TCP (HTTP):
Connects to server-54-230-46-105.fra6.r.cloudfront.net  (54.230.46.105:80)

TCP (HTTP):
Connects to server-54-230-44-94.fra6.r.cloudfront.net  (54.230.44.94:80)

TCP (HTTP):
Connects to nosibay1.alinto.net  (83.145.109.178:80)

TCP (HTTP):
Connects to burritos.yabison.com  (91.121.69.110:80)

Remove Bubble Dock.exe - Powered by Reason Core Security