» bubble dock bsetup.exe
Overview
Analysis
File Details

bubble dock bsetup.exe

Bubble Dock

NOSIBAY

The application bubble dock bsetup.exe, “Bubble Dock installer” by NOSIBAY has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

File name:

Publisher:

NOSIBAY (signed and verified)

Product:

Bubble Dock

Description:

Bubble Dock installer

Version:

3.0.591.0.53293

MD5:

897cd7b6e2af292bc4edca61c24c6e7c

SHA-1:

1ff7ed6781b10ad1fa8324222ef8db1802c035de

SHA-256:

52bc90c5d47f4a7c51d593355d6f46f58404b0c9eaf765a587a3ffeb2f7f97fe

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 8:01:09 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.BubbleDock

2014.11.11

ESET NOD32

Win32/BubbleDock.A potentially unwanted application

10.7.0.302.0

IKARUS anti.virus

PUA.BubbleDock

t3scan.1.8.3.0

K7 AntiVirus

Trojan

13.185.13965

Malwarebytes

PUP.Optional.BubbleDock.A

v2016.02.04.02

McAfee

Artemis!BE42CE78BF1E

5600.6500

NANO AntiVirus

Riskware.Win32.Agent.dhcmqv

0.28.6.62995

Reason Heuristics

PUP.NOSIBAY.Installer (M)

16.2.4.2

Sophos

Bubble Dock

4.98

Trend Micro House Call

Suspici.A05D7F27

7.2.35

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Threat.4791953

34232

File size:

5.8 MB (6,034,272 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\bubble dock bsetup.exe

Digital Signature

Signed by:

NOSIBAY

Authority:

Thawte, Inc.

Valid from:

6/28/2011 2:00:00 AM

Valid to:

7/28/2012 1:59:59 AM

Subject:

CN=NOSIBAY, OU=Nosibay Development Team, O=NOSIBAY, L=PEROLS, S=Herault, C=FR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

48B8CBA6DE2D386D8CD5DE3D94F2FAEE

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:Eah2T7J2xdkQbS5pabHtvVGVTOacVpAU2Al+UsL2tkBytEi3QsknTe9TSu3DtePE:EankoUpQGVTORVpAU2aQL2aeR9GuTte8

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove bubble dock bsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.