Selection Tools.exe

Selection Tools

NOSIBAY

The application Selection Tools.exe by NOSIBAY has been detected as a potentially unwanted program by 15 anti-malware scanners. This file is typically installed with the program Selection Tools by Nosibay which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-51-160.jfk5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
NOSIBAY  (signed and verified)

Product:
Selection Tools

Version:
3.1.57

MD5:
ad9271f6a9bb17a32c9f86167b1718ae

SHA-1:
f34aeaa5c8abd52ef44106b692e1a8e2a3de91df

SHA-256:
96398ec9c1df7eb9abc9941a8585acd99a09be40f5decea611dabfbe1b8c3d16

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:21:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.2934 |
| Baidu Antivirus | PUA.Win32.BubbleDock | 4.0.3.15115 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Dr.Web | Adware.Downware.10519 | 9.0.1.0309 |
| ESET NOD32 | Win32/BubbleDock.B potentially unwanted (variant) | 9.11973 |
| Fortinet FortiGate | Riskware/BubbleDock | 11/5/2015 |
| IKARUS anti.virus | PUA.BubbleDock | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.207.16631 |
| Kaspersky | not-a-virus:Downloader.Win32.Bubbledock | 14.0.0.1166 |
| Malwarebytes | PUP.Optional.Nosibay | v2015.11.05.07 |
| McAfee | Artemis!AD9271F6A9BB | 5600.6590 |
| Panda Antivirus | PUP/Nosibay | 15.11.05.07 |
| Reason Heuristics | PUP.NOSIBAY (M) | 15.11.5.19 |
| Sophos | Bubble Dock (PUA) | 4.98 |
| VIPRE Antivirus | BubbleDock | 45010 |

File size:
3.1 MB (3,259,152 bytes)

Product version:
3.1.57

Copyright:
(c) Copyright, All reproduction and distribution rights reserved to Nosibay

Original file name:
Selection Tools.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\wtools\selection tools\selection tools.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/25/2014 2:00:00 AM

Valid to:
12/26/2015 12:59:59 AM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52E368957AD1C7202A103C7CFD7BD6C2

File PE Metadata
Compilation timestamp:
11/4/2015 11:33:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:LLyyU+ic4soBuJe0VeH8XbG7lmAPjynFi3IA+EO:LV94+e4KyFi3IA+EO

Entry address:
0x20E8DB


Code size:
2.4 MB (2,479,616 bytes)

The file Selection Tools.exe has been discovered within the following program.

Selection Tools  by Nosibay
Selection Tools is a potentially unwanted program.
About 63% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
