Selection Tools.exe

Selection Tools

NOSIBAY

The application Selection Tools.exe by NOSIBAY has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name 'Selection Tools'. This file is typically installed with the program Selection Tools by Nosibay, which is a potentially unwanted software program. While running, it connects to the Internet address server-52-84-63-226.ord51.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
NOSIBAY  (signed and verified)

Product:
Selection Tools

Version:
3.0.703

MD5:
b413414b666e501928e91f63d2a99f5e

SHA-1:
80fb7f0728be0868f20957cea9a7c171e5fffec7

SHA-256:
4fd3c68e9a55aa4135b8e3b9d2953083bf1f326e9fe4dd70192f18e74c4ce4ce

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:14:58 AM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3256
IKARUS anti.virus | PUA.BubbleDock | t3scan.1.8.5.0
Reason Heuristics | PUP.Startup.NOSIBAY.P | 14.12.19.7

File size:
1.4 MB (1,510,160 bytes)

Product version:
3.0.703

Copyright:
(c) Copyright, All reproduction and distribution rights reserved to Nosibay

Original file name:
Selection Tools.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\wtools\selection tools\selection tools.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/25/2014 2:00:00 AM

Valid to:
12/26/2015 12:59:59 AM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52E368957AD1C7202A103C7CFD7BD6C2

File PE Metadata
Compilation timestamp:
12/16/2014 3:07:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:cd5nS3R2OAluvfEdsqD1OpDFOmE1bhesGDgnJFF4ZJB4f/wYpjX7TXf:AU7AluvID1U89YD4FFKIf/wYpjX7TP

Entry address:
0xF410D

Entry point:
6A, 60, 68, F8, 92, 54, 00, E8, 6F, 3B, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 5B, E6, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, F8, 13, 53, 00, 8B, 4E, 10, 89, 0D, 30, CB, 56, 00, 8B, 46, 04, A3, 3C, CB, 56, 00, 8B, 56, 08, 89, 15, 40, CB, 56, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 34, CB, 56, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 34, CB, 56, 00, C1, E0, 08, 03, C2, A3, 38, CB, 56, 00, 33, F6, 56, 8B, 3D, E0, 11, 53, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.2 MB (1,245,184 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Selection Tools

Command:
"C:\users\{user}\appdata\roaming\wtools\selection tools\selection tools.exe" \winstartup


The file Selection Tools.exe has been discovered within the following program.

Selection Tools  by Nosibay
Selection Tools is a potentially unwanted program.
About 63% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

