home

cubby.exe

Cubby

LogMeIn, Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘LogMeIn Cubby’. This is installed with Cubby. The file has been seen being downloaded from www.cubby.com and multiple other hosts.
Publisher:
LogMeIn, Inc.  (signed and verified)

Product:
Cubby

Version:
1.0.0.12421

MD5:
9d87ac531a2a47d9436713555295ba10

SHA-1:
9cdc3ae30dec2ec2709df486862b055d9000aba2

SHA-256:
dfad0c0459a805a7687d6d6394ea3aca2fbe8519425de6f5cd4b3a1d99a5049d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:52:55 PM UTC  (today)

File size:
4.8 MB (5,020,432 bytes)

Product version:
1.0.0.12421

Copyright:
© LogMeIn, Inc. 2013. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\cubby\cubby.exe

Digital Signature
Signed by:
LogMeIn, Inc.

Authority:
VeriSign, Inc.

Valid from:
9/24/2012 7:00:00 PM

Valid to:
10/10/2015 6:59:59 PM

Subject:
CN="LogMeIn, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LogMeIn, Inc.", S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D7B7E4F14BB04BF34C26686A61ABDA0

File PE Metadata
Compilation timestamp:
11/4/2013 8:56:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:1RLumbBIVKEO+ytm4vOBwzuuLr9V2xEPIt0L:/LumbKKNtgwzuutMCP+0L

Entry address:
0x261CC5

Entry point:
E8, 50, FA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 6D, EA, FF, FF, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 13, 8D, 45, F0, 50, 6A, 01, FF, 75, 08, E8, B9, FA, 00, 00, 83, C4, 0C, EB, 10, 8B, 80, C8, 00, 00, 00, 8B, 4D, 08, 0F, B7, 04, 48, 83, E0, 01, 80, 7D, FC, 00, 74, 07, 8B, 4D, F8, 83, 61, 70, FD, C9, C3, 8B, FF, 55, 8B, EC, 83, 3D, 6C, 48, 76, 00, 00, 75, 12, 8B, 45, 08, 8B, 0D, 68, 5E, 75, 00, 0F, B7, 04, 41, 83, E0, 01, 5D, C3, 6A, 00, FF, 75, 08...
 
[+]

Entropy:
7.0220

Code size:
2.7 MB (2,852,352 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LogMeIn Cubby

Command:
"C:\users\{user}\appdata\roaming\cubby\cubby.exe" -hidden


The file cubby.exe has been discovered within the following programs.

Cubby  by LogMeIn, Inc.
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.
www.logmein.com
About 3% of users remove it
 
Powered by Should I Remove It?

The file cubby.exe has been seen being distributed by the following 3 URLs.

https://www.cubby.com/.../DownloadHostCDN.ashx?ostype=0&a=1&i=01_JDgch651igN

https://secure.join.me/Cubby/.../Cubby.exe

https://www.cubby.com/.../DownloadHostCDN.ashx?ostype=0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.