babmaint.exe

Babylon Ltd.

This is the maintenance task (EPUpdater) installed with a Babylon-branded web browser toolbar (search adware). The scheduled task checks that the toolbar's browser extensions for Chrome, Firefox and Internet Explorer are still installed and that the home page and search provider are still set to the Babylon partner site. babmaint.exe by Babylon has been detected as adware by 9 anti-malware scanners. It runs under the Windows Task Scheduler as a task named EPUpdater, triggered daily at a specified time. The file is typically installed by a number of programs, including Delta Chrome Toolbar by Visual Tools and Search-Gol Chrome Toolbar by Search-Gol, both potentially unwanted software. The toolbar displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
f64487396ab10165dc80bc15cf854d31

SHA-1:
1549cf4f9282f1b42a58b5e050e12ef0ad669798

SHA-256:
ad93abf6dacb8cb2b4d1df732ed427a6d39d56cba21db9352ca92db348c09041

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/26/2024 3:57:08 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Babylon
2013.12.28

Boost by Reason
Optional.Task.Babylon.I
188838

Comodo Security
Application.Win32.Agent.~AS
17510

Dr.Web
Adware.Babylon.12
9.0.1.0330

ESET NOD32
Win32/Toolbar.Babylon
7.9190

Malwarebytes
v2013.11.26.12

NANO AntiVirus
Trojan.Win32.Babylon.csmnej
0.28.0.57630

Reason Heuristics
PUP.Babylon.Task.I
14.8.7.19

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.131209

File size:
10.1 KB (10,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\babsolution\shared\babmaint.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/26/2012 4:00:00 PM

Valid to:
3/8/2014 3:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
6/6/2013 2:23:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
192:CbqRPPzXlN6+nVyf8wou7+wse+PjP7Tv4:CiHTlNjnQmuSPL4

Entry address:
0x10D0

Entry point:
55, 8B, EC, 81, EC, 38, 08, 00, 00, 33, C0, 66, 89, 85, F8, FD, FF, FF, 33, C9, 66, 89, 8D, F0, FB, FF, FF, 33, D2, 66, 89, 95, E8, F9, FF, FF, 8D, 85, F8, FD, FF, FF, 50, 6A, 00, 6A, 00, 6A, 1A, 6A, 00, FF, 15, 44, 20, 40, 00, 8D, 8D, F8, FD, FF, FF, 51, FF, 15, 50, 20, 40, 00, 68, 80, 20, 40, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 30, 20, 40, 00, 8D, 85, F8, FD, FF, FF, 50, E8, CC, FE, FF, FF, 83, C4, 04, 0F, B6, C8, 85, C9, 0F, 84, 40, 01, 00, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 34, 20, 40, 00, 89...

Entropy:
6.3402

Developed / compiled with:
Microsoft Visual C++

Code size:
1,024 bytes

Scheduled Task
Task name:
EPUpdater

Trigger:
Daily (Runs daily at 6:42 AM)


The file babmaint.exe has been discovered within the following programs.

Bueno Chrome Toolbar  by Babylon Ltd
Bueno Chrome Toolbar is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
info.buenosearch.com
82% remove it
DaleSearch Chrome Toolbar  by Babylon Ltd
Uses the SearchGol Toolbar Platform. As part of the installation process of the Software, publisher may offer changes to your Internet Browser settings.
info.dalesearch.com
66% remove it
Delta Chrome Toolbar  by Visual Tools
Delta Chrome Toolbar is part of the Babylon toolbar system, a potentially unwanted program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
83% remove it
Doko Chrome Toolbar  by Babylon Ltd
Doko Chrome Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object (BHO).
82% remove it
Hola Chrome Toolbar  by Babylon Ltd
Hola Chrome Toolbar is part of the Babylon toolbar system and the Hola Toolbar Platform, a known adware program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
info.holasearch.com
82% remove it
MixiDJ chrome Toolbar  by Conduit Ltd.
MixiDJ chrome Toolbar is a Conduit web browser plugin for Chrome that collects and stores information about a user's web browsing habits and sends this information to Conduit in order to provide advertising.
MixiDJV30.OurToolbar.com
66% remove it
Search-Gol Chrome Toolbar  by Search-Gol
SearchGol Toolbar Platform is an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monetization platforms during installation.
info.searchgol.com
67% remove it
VisualBee chrome Toolbar  by VisualBee.com
VisualBee chrome Toolbar is an ad-supported (users may see additional banner and in-text link advertisements) web browser plugin distributed through various monetization platforms during installation.
74% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to DedLoadLM2200.babylon.com  (184.154.27.232:80)

TCP (HTTP):
Connects to utils1phx.babylon.com  (198.143.133.171:80)
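The indicators on this page (the EPUpdater scheduled task, the common path under the user's AppData\Roaming, the SHA-256 of the sample, the Babylon Ltd. signing certificate serial, and the two babylon.com hostnames) can be checked on a Windows host with the script below. It is an added example, not code from Reason Core Security or Babylon; it assumes PowerShell 5.1 or later on Windows 8/Server 2012 or newer (for Get-ScheduledTask and Get-DnsClientCache), is run as the affected interactive user, and the -Remove switch is a hypothetical option added here for cleanup.

```powershell
# Added example (not part of the original page): hunt for the babmaint.exe /
# EPUpdater indicators listed above on the local Windows host.
# Assumptions: PowerShell 5.1+, run as the affected user (the file lives under
# %APPDATA%); the -Remove switch is hypothetical and only acts on what was found.
param([switch]$Remove)

# Indicators taken from the page
$TaskName     = 'EPUpdater'
$FilePath     = Join-Path $env:APPDATA 'BabSolution\Shared\babmaint.exe'
$KnownSha256  = 'ad93abf6dacb8cb2b4d1df732ed427a6d39d56cba21db9352ca92db348c09041'
$SignerSerial = '48C39FBA62460E24E169054FE518E0AF'
$C2Hosts      = @('DedLoadLM2200.babylon.com', 'utils1phx.babylon.com')

$findings = @()

# 1. Persistence: the scheduled task named EPUpdater and what it executes
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $findings += "Scheduled task '$TaskName' present (state: $($task.State)); actions: $actions"
}

# 2. The binary at its common path, hashed and compared with the page's SHA-256
if (Test-Path -LiteralPath $FilePath) {
    $hash  = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToLower()
    $match = if ($hash -eq $KnownSha256) { 'matches the sample on this page' }
             else { 'different build, inspect manually' }
    $findings += "File present: $FilePath (SHA-256 $hash, $match)"

    # 3. Authenticode: the page lists a Babylon Ltd. certificate from Thawte
    #    (valid 2012-2014); compare the signer's serial with the one published
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
    if ($sig.SignerCertificate) {
        $serial = $sig.SignerCertificate.SerialNumber
        $note   = if ($serial -eq $SignerSerial) { ' (serial matches page)' } else { '' }
        $findings += "Signed by '$($sig.SignerCertificate.Subject)', serial $serial, status $($sig.Status)$note"
    }
}

# 4. Other copies of babmaint.exe dropped into any user profile
Get-ChildItem -Path "$env:SystemDrive\Users" -Filter 'babmaint.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Additional copy: $($_.FullName)" }

# 5. Recent resolution of the two babylon.com hostnames seen in live traffic
#    (-contains is case-insensitive, so the mixed-case hostname still matches)
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $C2Hosts -contains $_.Entry } |
    ForEach-Object { $findings += "DNS cache entry: $($_.Entry) -> $($_.Data)" }

if ($findings.Count -eq 0) {
    Write-Output 'No babmaint.exe / EPUpdater indicators found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}

# Optional cleanup: drop the persistence first, then the file it launches
if ($Remove -and $findings.Count -gt 0) {
    if ($task) { Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false }
    if (Test-Path -LiteralPath $FilePath) { Remove-Item -LiteralPath $FilePath -Force }
    Write-Output 'Removed the task and file; reset the browser home page and search provider manually.'
}
```

Run it once without -Remove to see what is present; removing the scheduled task before the file avoids the task re-running a half-deleted install. The DNS cache check only catches lookups since the last flush, so an empty result there does not clear the host; pair it with proxy or DNS server logs for the two hostnames. A valid Authenticode status is not a clean bill of health here: the page itself notes the file is signed and verified by Babylon Ltd., and nine engines still flag it.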

Remove babmaint.exe - Powered by Reason Core Security