68408-658638-babylon-7.exe

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application 68408-658638-babylon-7.exe by Babylon has been detected as adware by 2 anti-malware scanners. It is a setup program used to install the application. The application displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from i_eazel-com_babylon-7-7-0-3.fargutareflo.com.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
d8ae2bba18c20fa2c3db7d1e22b6f068

SHA-1:
6642196a49273a2722572b3b2742efe14aaf6fc5

SHA-256:
bb79b29b461ab6b95ca76ecead4269ed9ea80d43255a84b4b6ecc39c97e8e0a1

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/24/2024 4:24:20 PM UTC

Scan engine | Detection | Engine version
NANO AntiVirus | Riskware.Script.Babylon.cwhyhv | 0.28.6.63850
Reason Heuristics | PUP.Babylon.W | 14.12.3.19

File size:
11.6 MB (12,157,664 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\68408-658638-babylon-7.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/8/2007 3:00:00 AM

Valid to:
3/4/2008 2:59:59 AM

Subject:
CN=Babylon Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5B4F1D6192C4E67D48917FA06B93483F

File PE Metadata
Compilation timestamp:
7/23/2007 8:30:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:ASaer3W3yFf7pxZGFLpXmhYx4siyOdw21LD3XQKdkqKcx5dzyv7aPrtSUsWYUwmP:ASaeq30dwLYhY7ivhD3XQGdzauJRsW0c

Entry address:
0x7EB8

Entry point:
E8, 19, 28, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, A4, 15, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 35, 15, 00, 00, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 3B, CB, 56, 8B, 75, 08, 74, 21, 3B, F3, 75, 1D, E8, 75, 15, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 06, 15, 00, 00, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 3B, C8, 89, 45, E4, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7, 45, EC...
 
Entropy:
7.9966  (probably packed)

Code size:
60 KB (61,440 bytes)

The file 68408-658638-babylon-7.exe has been seen being distributed by the following URL.
