install_bubbledock.exe

Bubble Dock

NOSIBAY

The application install_bubbledock.exe, “Bubble Dock installer” by NOSIBAY has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.bubbledock.com.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Description:
Bubble Dock installer

Version:
3.0.630.0.58798

MD5:
b830ee14cd634f3c98115ebab2c84a62

SHA-1:
b4d980eba83aa4f673d5fc6a672b142696a554bc

SHA-256:
58bafa838ed957fb56656989d55ecbf82202df9e16796d893c2e6a2d591f780a

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 8:44:14 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.BubbleDock
2014.11.04

Dr.Web
Adware.Downware.5766
9.0.1.048

ESET NOD32
Win32/BubbleDock
10.10662

Malwarebytes
PUP.Optional.BubbleDock.A
v2016.02.17.09

McAfee
Artemis!DDF95BDC6B8E
5600.6486

Reason Heuristics
PUP.NOSIBAY.Installer (M)
16.2.17.21

Rising Antivirus
NS:Malware.Install!1.9F21
23.00.65.16215

Sophos
Bubble Dock
4.98

Trend Micro House Call
TROJ_GEN.F47V0416
7.2.48

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
34474

File size:
364.1 KB (372,856 bytes)

Copyright:
© Nosibay

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\install_bubbledock.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/16/2012 2:00:00 AM

Valid to:
10/17/2013 1:59:59 AM

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15D415FC07F39945D54BD293F72D8A5F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ps3B3ri0RfDR9/0dZWLMb0Xudr3EpMjRcsQ6D/wcHl6As/:gTBj/02kdr3EpKcsHwCtK

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file install_bubbledock.exe has been seen being distributed by the following URL.

Remove install_bubbledock.exe - Powered by Reason Core Security