bubble trouble.exe

The executable bubble trouble.exe has been detected as malware by 9 anti-virus scanners. The file has been observed being downloaded from www.indirbir.com.
Version:
1.0.0.0

MD5:
57954d575c8bc73df076e2745b3321e9

SHA-1:
829c5ceba18a43fa62eeabf00d9522c0b26d962b

SHA-256:
4b55ebc608867d9affe8af4740461403568fab2fc361f606f8053a7cf463df4b

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/27/2024 2:50:25 AM UTC

Scan engine             Detection                   Engine version
Lavasoft Ad-Aware       Gen:Variant.Symmi.38317     1093
avast!                  Win32:Dropper-gen [Drp]     2014.9-140411
Bitdefender             Gen:Variant.Symmi.38317     1.0.20.185
Emsisoft Anti-Malware   Gen:Variant.Symmi.38317     8.14.02.06.02
F-Secure                Gen:Variant.Symmi.38317     11.2014-06-02_5
G Data                  Gen:Variant.Symmi.38317     14.2.24
McAfee                  Artemis!28EA09804B47        5600.7164
MicroWorld eScan        Gen:Variant.Symmi.38317     15.0.0.111
nProtect                Trojan.GenericKD.1511679    14.01.25.01

File size:
5.6 MB (5,831,249 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bubble trouble.exe

File PE Metadata
Compilation timestamp:
11/24/2013 1:33:46 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Isud2rCIkBC09p0Sbm21O292WFoLgd3XAvvNL5tQ8GKJabhKAFSQ99TdDMHooVtL:T/CIkBF923NL5O8GKJabhKAFSQGx7hV

Entry address:
0x3FF844

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 7C, 1E, 7F, 00, E8, 6F, EB, C0, FF, 8B, 1D, F4, C5, 80, 00, 8B, 03, E8, 2A, FB, DE, FF, 8B, 03, B2, 01, E8, 6D, 18, DF, FF, 8B, 0D, 80, C2, 80, 00, 8B, 03, 8B, 15, 30, 02, 7F, 00, E8, 26, FB, DE, FF, 8B, 0D, 84, C5, 80, 00, 8B, 03, 8B, 15, F4, B8, 7E, 00, E8, 13, FB, DE, FF, 8B, 0D, 30, BD, 80, 00, 8B, 03, 8B, 15, B0, F4, 7E, 00, E8, 00, FB, DE, FF, 8B, 0D, D0, BD, 80, 00, 8B, 03, 8B, 15, F0, E8, 7E, 00, E8, ED, FA, DE, FF, 8B, 0D, E0, C9, 80, 00, 8B, 03, 8B, 15, 04, D9, 7E...

Entropy:
6.5586

Developed / compiled with:
Microsoft Visual C++

Code size:
4 MB (4,186,624 bytes)

The file bubble trouble.exe has been seen being distributed by the following URL.
