cubby.exe

Cubby

LogMeIn, Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘LogMeIn Cubby’. This is installed with Cubby. The file has been seen being downloaded from www.cubby.com and multiple other hosts.
Publisher:
LogMeIn, Inc.  (signed and verified)

Product:
Cubby

Version:
1.0.0.12494

MD5:
31529500431ed207af98c4ac090de3bd

SHA-1:
fddb5295f3852a82f716cd843dd30b6026b29fe8

SHA-256:
09436422983d2594b04a8426d51ef0a48c97d9be40d040b3dd4314474e292612

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 11:12:11 PM UTC  (a few moments ago)

File size:
5.1 MB (5,306,640 bytes)

Product version:
1.0.0.12494

Copyright:
© LogMeIn, Inc. 2013-2014. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\cubby\cubby.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/25/2012 5:30:00 AM

Valid to:
10/11/2015 5:29:59 AM

Subject:
CN="LogMeIn, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LogMeIn, Inc.", S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D7B7E4F14BB04BF34C26686A61ABDA0

File PE Metadata
Compilation timestamp:
4/10/2014 3:18:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:ypxcmxjN3BguBro9Vwgi5JjMoaeAG8te3UQsscs71Hf0:GxLxR3NJo9OJjB8teCGlf0

Entry address:
0x28C31D

Entry point:
E8, B7, FB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 65, EA, FF, FF, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 13, 8D, 45, F0, 50, 6A, 01, FF, 75, 08, E8, 20, FC, 00, 00, 83, C4, 0C, EB, 10, 8B, 80, C8, 00, 00, 00, 8B, 4D, 08, 0F, B7, 04, 48, 83, E0, 01, 80, 7D, FC, 00, 74, 07, 8B, 4D, F8, 83, 61, 70, FD, C9, C3, 8B, FF, 55, 8B, EC, 83, 3D, F0, 9D, 7A, 00, 00, 75, 12, 8B, 45, 08, 8B, 0D, 08, A3, 79, 00, 0F, B7, 04, 41, 83, E0, 01, 5D, C3, 6A, 00, FF, 75, 08...
 
[+]

Entropy:
7.0138

Code size:
2.9 MB (3,082,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LogMeIn Cubby

Command:
"C:\users\{user}\appdata\roaming\cubby\cubby.exe" -hidden


The file cubby.exe has been discovered within the following programs.

Cubby  by LogMeIn, Inc.
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.
www.logmein.com
About 3% of users remove it
 
Powered by Should I Remove It?

The file cubby.exe has been seen being distributed by the following 2 URLs.