Bubble Dock.exe

Bubble Dock

NOSIBAY

The application Bubble Dock.exe by NOSIBAY has been detected as a potentially unwanted program by 10 anti-malware scanners.
Publisher:
NOSIBAY  (signed and verified)

Product:
Bubble Dock

Version:
3.0.647

MD5:
91ada8257836723f421c7486236fe5b7

SHA-1:
8083a815c01e08729acd20d706d28cfaa22c4d74

SHA-256:
1f6094591e93cfdbffccc82949d629b490e9564c1837d774c58fa62c845681c2

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/20/2017 8:27:06 PM UTC

Scan engine             Detection                               Engine version
AVG                     Generic                                 2015.0.3353
Baidu Antivirus         PUA.Win32.BubbleDock                    4.0.3.14913
ESET NOD32              Win32/BubbleDock (variant)              8.10390
McAfee                  Artemis!68655B96ED7D                    5600.7009
McAfee Web Gateway      Artemis!68655B96ED7D                    7.7009
Reason Heuristics       PUP.NOSIBAY.L                           14.9.13.3
Sophos                  Bubble Dock                             4.98
Trend Micro House Call  TROJ_GEN.F47V1219                       7.2.256
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h    3.12.26.3
VIPRE Antivirus         Threat.4150696                          31208

Note on the McAfee entries: an Artemis! name is built from the first 12 hex digits of the MD5 of the file McAfee's cloud lookup flagged. 68655B96ED7D does not match the MD5 listed above (91ada8257836...), so those two results were most likely recorded against a different sample or an earlier scan rather than this exact file. Only three engines (Baidu, ESET, Reason) name the Bubble Dock family explicitly; the rest are generic or heuristic verdicts.

File size:
4.9 MB (5,129,744 bytes)

Product version:
3.0.647

Copyright:
(c) Copyright, All reproduction and distribution rights reserved to Nosibay

Original file name:
Bubble Dock.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\nosibay\bubble dock\bubble dock.exe

Digital Signature
Signed by:
NOSIBAY (the certificate subject CN, see below)
Authority:
Thawte, Inc.

Valid from:
9/21/2013 1:00:00 AM

Valid to:
11/20/2014 11:59:59 PM

The signing certificate had expired almost three years before the analysis date above. An Authenticode signature made with a certificate that has since expired still verifies only if it carries a trusted timestamp countersignature from inside the validity window; this listing does not record whether one is present, so the "signed and verified" status should be re-checked on the file itself. The compilation timestamp (7/7/2014) does fall inside the window, which is consistent with a timestamped signature but does not prove one.

Subject:
CN=NOSIBAY, OU=Nosibay Secure Developement, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4F1CA396B891ED381AFEECC074DB8714

File PE Metadata
Compilation timestamp:
7/7/2014 4:54:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:vvJX/BlLgW2bHRI73OqasjcwBJWNwEH4kUJDcgPPU31sogR72rg4TiBd4DJ8xRTh:3JgdbHRI7+Rz4kUJDcgXi1sooKStr

Entry address:
0x33ECCC

Entry point:
6A, 60, 68, 70, C6, 81, 00, E8, 0C, 33, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 1C, C9, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, AC, 75, 7D, 00, 8B, 4E, 10, 89, 0D, 38, FD, 88, 00, 8B, 46, 04, A3, 44, FD, 88, 00, 8B, 56, 08, 89, 15, 48, FD, 88, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, FD, 88, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, FD, 88, 00, C1, E0, 08, 03, C2, A3, 40, FD, 88, 00, 33, F6, 56, 8B, 3D, DC, 74, 7D, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...

These bytes are the standard Visual C++ 7.x CRT startup stub: SEH prologue, GetVersionExA to fill the CRT's OS-version globals, then GetModuleHandle(NULL) followed by a check for the 'MZ' header of the module. That matches the compiler shown below and indicates the entry point has not been packed or rewritten.

Entropy:
6.4779 (bits per byte over the whole file; below the roughly 7.0 and above seen in packed or encrypted executables)

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
3.8 MB (4,022,272 bytes)
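The identifiers above (the three hashes, the size, the entropy figure and the PE compilation timestamp) are the values a practitioner recomputes before trusting a listing like this. The following is an added example, not code from the page or from NOSIBAY: it profiles a local file with only the Python standard library and reports which listed identifiers differ. The expected values are copied from the listing; the file path is supplied by you, and the entropy is Shannon entropy over the whole file, which is the assumed meaning of the single figure above.

```python
"""Recompute a file's identifiers and compare them against the listing above.
Added example; assumes a local file path on the command line."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Values copied from the listing on this page.
LISTED = {
    "md5": "91ada8257836723f421c7486236fe5b7",
    "sha1": "8083a815c01e08729acd20d706d28cfaa22c4d74",
    "sha256": "1f6094591e93cfdbffccc82949d629b490e9564c1837d774c58fa62c845681c2",
    "size": 5129744,
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Values above about 7.0 usually mean a packed or encrypted payload."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_timestamp(data: bytes) -> Optional[int]:
    """TimeDateStamp from IMAGE_FILE_HEADER, or None if the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # After the 4-byte "PE\0\0" signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (ts,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return ts


def profile(data: bytes) -> Dict[str, object]:
    """Hashes, size, entropy and (if PE) the link timestamp as a UTC string."""
    p: Dict[str, object] = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 4),
    }
    ts = pe_timestamp(data)
    p["compiled"] = (
        datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
        if ts is not None else None
    )
    return p


def mismatches(p: Dict[str, object], listed: Dict[str, object] = LISTED) -> List[str]:
    """Names of listed identifiers the sample does not reproduce; empty means it matches."""
    return [k for k in listed if p.get(k) != listed[k]]


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        result = profile(f.read())
    for key, value in result.items():
        print(f"{key:9} {value}")
    bad = mismatches(result)
    print("matches listing" if not bad else "DIFFERS from listing in: " + ", ".join(bad))
```

Run it as `python profile.py "Bubble Dock.exe"`. A single differing hash with the same size is the usual sign of a repackaged or patched build; a much higher entropy than the 6.48 listed here would mean the copy in hand is packed and the listing's PE metadata no longer describes it.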

The executing file has been seen to make the following network communications in live environments. The names shown are the reverse-DNS (PTR) names of the destination addresses as recorded by the sandbox, not necessarily the hostnames the program resolved or sent in its Host header. The cloud, CDN and ad-network edges (amazonaws.com, cloudfront.net, akamaitechnologies.com, akadns.net, googleusercontent.com, facebook.com, yahoo.com) are shared infrastructure and are poor indicators on their own; the vendor-specific names (bubbledock.it, yabison.com, nosibay1.alinto.net) are the ones worth alerting on.

TCP (HTTP):
Connects to s1-eu.adformnet.akadns.net  (37.157.6.251:80)

TCP (HTTP):
Connects to tacos.yabison.com  (188.165.192.12:80)

TCP (HTTP):
Connects to server-54-240-172-238.cdg50.r.cloudfront.net  (54.240.172.238:80)

TCP (HTTP):
Connects to server-54-192-25-95.mxp4.r.cloudfront.net  (54.192.25.95:80)

TCP (HTTP):
Connects to nosibay1.alinto.net  (83.145.109.178:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.ch1.yahoo.com  (217.163.21.35:80)

TCP (HTTP):
Connects to ifd2.bubbledock.it  (94.23.67.109:80)

TCP (HTTP):
Connects to edge-star-mini-shv-01-mxp1.facebook.com  (31.13.86.36:80)

TCP (HTTP):
Connects to ec2-54-243-56-0.compute-1.amazonaws.com  (54.243.56.0:80)

TCP (HTTP):
Connects to ec2-54-225-69-34.compute-1.amazonaws.com  (54.225.69.34:80)

TCP (HTTP):
Connects to ec2-52-30-10-26.eu-west-1.compute.amazonaws.com  (52.30.10.26:80)

TCP (HTTP):
Connects to ec2-52-211-12-109.eu-west-1.compute.amazonaws.com  (52.211.12.109:80)

TCP (HTTP):
Connects to ec2-52-19-114-209.eu-west-1.compute.amazonaws.com  (52.19.114.209:80)

TCP (HTTP):
Connects to burritos.yabison.com  (91.121.69.110:80)

TCP (HTTP):
Connects to adfarm-global.mplx.akadns.net  (89.207.18.182:80)

TCP (HTTP SSL):
Connects to a23-13-183-105.deploy.static.akamaitechnologies.com  (23.13.183.105:443)

TCP (HTTP SSL):
Connects to a104-83-85-26.deploy.static.akamaitechnologies.com  (104.83.85.26:443)

TCP (HTTP):
Connects to 88.94.155.104.bc.googleusercontent.com  (104.155.94.88:80)
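To turn the observations above into something a detection engineer can use, the following added example (not code from the page or from NOSIBAY) parses the "Connects to host (ip:port)" lines into structured records, separates shared cloud/CDN/ad-network edges from vendor-specific hosts, and emits one Suricata rule per actionable hostname. The sample text is a subset copied from the listing; the list of shared-infrastructure suffixes is an assumed heuristic, and the rule template assumes Suricata 5 or later (the `http.host` sticky buffer).

```python
"""Parse sandbox network observations into indicators and Suricata rules.
Added example; the suffix list and rule template are assumptions."""
import re
from typing import Dict, List

# Lines copied from the listing above (a representative subset).
OBSERVED = """\
TCP (HTTP): Connects to s1-eu.adformnet.akadns.net  (37.157.6.251:80)
TCP (HTTP): Connects to tacos.yabison.com  (188.165.192.12:80)
TCP (HTTP): Connects to server-54-240-172-238.cdg50.r.cloudfront.net  (54.240.172.238:80)
TCP (HTTP): Connects to nosibay1.alinto.net  (83.145.109.178:80)
TCP (HTTP): Connects to ifd2.bubbledock.it  (94.23.67.109:80)
TCP (HTTP): Connects to edge-star-mini-shv-01-mxp1.facebook.com  (31.13.86.36:80)
TCP (HTTP): Connects to ec2-52-30-10-26.eu-west-1.compute.amazonaws.com  (52.30.10.26:80)
TCP (HTTP): Connects to burritos.yabison.com  (91.121.69.110:80)
TCP (HTTP SSL): Connects to a23-13-183-105.deploy.static.akamaitechnologies.com  (23.13.183.105:443)
TCP (HTTP): Connects to 88.94.155.104.bc.googleusercontent.com  (104.155.94.88:80)
"""

LINE = re.compile(
    r"^(?P<proto>[A-Z]+) \((?P<app>[^)]+)\): Connects to (?P<host>\S+)\s+"
    r"\((?P<ip>[\d.]+):(?P<port>\d+)\)$"
)

# Reverse-DNS names of CDN, cloud and ad-network edges. Blocking these names or
# addresses would hit unrelated tenants; they are context, not indicators. (Assumed.)
SHARED_SUFFIXES = (
    ".cloudfront.net", ".amazonaws.com", ".akamaitechnologies.com", ".akadns.net",
    ".googleusercontent.com", ".facebook.com", ".yahoo.com",
)


def parse(text: str) -> List[Dict[str, str]]:
    """One dict per well-formed observation; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def is_shared_infra(host: str) -> bool:
    return host.endswith(SHARED_SUFFIXES)


def actionable(records: List[Dict[str, str]]) -> List[str]:
    """Vendor-specific hostnames worth alerting on, de-duplicated, in order seen."""
    hosts: List[str] = []
    for r in records:
        if not is_shared_infra(r["host"]) and r["host"] not in hosts:
            hosts.append(r["host"])
    return hosts


def suricata_rules(hosts: List[str], base_sid: int = 1000001) -> List[str]:
    """One rule per hostname matching the HTTP Host header (Suricata 5+ syntax)."""
    return [
        f'alert http $HOME_NET any -> $EXTERNAL_NET any '
        f'(msg:"PUA Bubble Dock beacon to {h}"; http.host; content:"{h}"; nocase; '
        f'sid:{base_sid + i}; rev:1;)'
        for i, h in enumerate(hosts)
    ]


if __name__ == "__main__":
    recs = parse(OBSERVED)
    for rule in suricata_rules(actionable(recs)):
        print(rule)
```

Because the listing shows PTR names rather than requested hostnames, a `http.host` rule only fires where the two coincide; for hosts such as ifd2.bubbledock.it that is likely, for an Akamai-style PTR like s1-eu.adformnet.akadns.net it is not. Pair the hostname rules with a DNS-query rule or with proxy logs for the same names, and do not convert the shared-infrastructure addresses into IP blocks.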
