babmaint.exe

Woolik technologies ltd

This is the maintenance task (EPUpdater) installed with a Babylon-branded web browser toolbar (search adware). The scheduled task checks that the installed browser extensions for Chrome, Firefox and IE are still present, and that the home page and search provider are still set to the Babylon partner site. The application babmaint.exe by Woolik technologies ltd has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
1298649f0ab206b0d04ee4782fd374c2

SHA-1:
60c4bcad7049a1d035dafd2332ab1194c804677a

SHA-256:
781b290ebd88e4be3ecf8303591a4b91471d357141bfeb27aa9997c36e7395f1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/23/2024 6:16:31 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon.Montiera (M)

Engine version:
16.3.14.22

File size:
10.9 KB (11,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\latest\babmaint.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 7:00:00 AM

Valid to:
7/26/2014 6:59:59 AM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
6/6/2013 4:23:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
192:SbqRPPzXlN6QnYe+PjPKrZRvd+vfCr9ZCspE+TMQrKjx:SiHTlNVnYPLORvqeMF

Entry address:
0x10D0

Entry point:
55, 8B, EC, 81, EC, 38, 08, 00, 00, 33, C0, 66, 89, 85, F8, FD, FF, FF, 33, C9, 66, 89, 8D, F0, FB, FF, FF, 33, D2, 66, 89, 95, E8, F9, FF, FF, 8D, 85, F8, FD, FF, FF, 50, 6A, 00, 6A, 00, 6A, 1A, 6A, 00, FF, 15, 44, 20, 40, 00, 8D, 8D, F8, FD, FF, FF, 51, FF, 15, 50, 20, 40, 00, 68, 80, 20, 40, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 30, 20, 40, 00, 8D, 85, F8, FD, FF, FF, 50, E8, CC, FE, FF, FF, 83, C4, 04, 0F, B6, C8, 85, C9, 0F, 84, 40, 01, 00, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 34, 20, 40, 00, 89...

Entropy:
6.4141

Developed / compiled with:
Microsoft Visual C++

Code size:
1024 Bytes (1,024 bytes)

Remove babmaint.exe - Powered by Reason Core Security