Selection Tools.exe

Selection Tools

NOSIBAY

The application Selection Tools.exe by NOSIBAY has been detected as a potentially unwanted program by 16 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Selection Tools’. This file is typically installed with the program Selection Tools by Nosibay which is a potentially unwanted software program.
Publisher:
NOSIBAY  (signed and verified)

Product:
Selection Tools

Version:
3.1.59

MD5:
e47acd26a055e9fb6023c312383df7cd

SHA-1:
625c95add0ed525a849a048bbc3b217a5a6fb0a4

SHA-256:
392b16dc837388791c99b561b30c54e5eec826f7b278ba64d5c5b01b6aaf0490

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 11:34:03 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.2922

Baidu Antivirus
PUA.Win32.BubbleDock
4.0.3.151117

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Adware.Downware.10519
9.0.1.0321

ESET NOD32
Win32/BubbleDock.B potentially unwanted (variant)
9.11973

Fortinet FortiGate
Riskware/BubbleDock
11/17/2015

IKARUS anti.virus
not-a-virus:Downloader.Bubbledock
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.207.16631

Kaspersky
not-a-virus:Downloader.Win32.Bubbledock
14.0.0.1107

Malwarebytes
PUP.Optional.Nosibay
v2015.11.17.04

McAfee
Artemis!AD9271F6A9BB
5600.6578

Panda Antivirus
PUP/Nosibay
15.11.17.04

Reason Heuristics
PUP.NOSIBAY (M)
15.11.17.16

Sophos
Bubble Dock (PUA)
4.98

SUPERAntiSpyware
PUP.Nosibay/Variant
9502

VIPRE Antivirus
BubbleDock
45254

File size:
3.1 MB (3,259,152 bytes)

Product version:
3.1.59

Copyright:
(c) Copyright, All reproduction and distribution rights reserved to Nosibay

Original file name:
Selection Tools.exe

File type:
Executable application (Win32 EXE)

Language:
Francese (Francia)

Common path:
C:\users\{user}\appdata\roaming\wtools\selection tools\selection tools.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/25/2014 2:00:00 AM

Valid to:
12/26/2015 12:59:59 AM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52E368957AD1C7202A103C7CFD7BD6C2

File PE Metadata
Compilation timestamp:
11/17/2015 3:25:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:TLyyf+ic4soBuJe0VeH8XbG7lmAPjynFi3IA4EG:TVg4+e4KyFi3IA4EG

Entry address:
0x20E8DB

Entry point:
E8, 21, 1B, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 7B, 6D, 00, E8, 1F, 4B, 00, 00, E8, 33, FA, 00, 00, 0F, B7, F0, 6A, 02, E8, B4, 1A, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 4A, E1, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
2.4 MB (2,479,616 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Selection Tools

Command:
"C:\users\{user}\appdata\roaming\wtools\selection tools\selection tools.exe" \winstartup


The file Selection Tools.exe has been discovered within the following program.

Selection Tools  by Nosibay
Selection Tools is a potentially unwanted program.
About 63% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to a104-85-55-236.deploy.static.akamaitechnologies.com  (104.85.55.236:443)

Remove Selection Tools.exe - Powered by Reason Core Security