babmaint.exe

Woolik technologies ltd

This is the maintenance task (EPUpdater) installed with a Babylon-branded web browser toolbar (search adware). The scheduled task checks that the browser extensions for Chrome, Firefox and IE are still installed and that the home page and search provider are set to the Babylon partner site. The application babmaint.exe by Woolik technologies ltd has been detected as adware by 9 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named EPUpdater, triggered daily at a specified time. The file is typically installed by a number of programs, including Delta Chrome Toolbar by Visual Tools and Opti Chrome Toolbar by Babylon Ltd, both potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
e7831e33c81eb10a8f7ba3b608383724

SHA-1:
d8f10bdfcf1d7203a10edd44bfa91e63429f7509

SHA-256:
9c1a7f231aa8aa735bd7fa3788b054fda54f3752df76e7de072edd5c271d07ea

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/26/2024 3:39:06 AM UTC

Scan engine             Detection                               Engine version
Boost by Reason         Optional.Task.Wooliktechnologiesltd.I   188838
Comodo Security         Application.Win32.Babylon.ag            17351
Dr.Web                  Adware.Babylon.12                       9.0.1.0353
ESET NOD32              Win32/Toolbar.Babylon                   7.9109
Malwarebytes                                                    v2013.12.19.09
NANO AntiVirus          Trojan.Win32.Babylon.csmnej             0.28.0.58101
Reason Heuristics       PUP.Babylon.Task.I                      14.8.7.21
Rising Antivirus        PE:Malware.XPACK/RDM!5.1                23.00.65.14301
Trend Micro House Call  TROJ_GEN.F47V0916                       7.2.353

File size:
10.9 KB (11,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\latest\babmaint.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/24/2013 9:00:00 PM

Valid to:
7/25/2014 8:59:59 PM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
6/6/2013 6:23:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
192:QbqRPPzXlN6QnYe+PjPKrZRvd+vfCr9ZCspE+TMQrKjx:QiHTlNVnYPLORvqeMF

Entry address:
0x10D0

Entry point:
55, 8B, EC, 81, EC, 38, 08, 00, 00, 33, C0, 66, 89, 85, F8, FD, FF, FF, 33, C9, 66, 89, 8D, F0, FB, FF, FF, 33, D2, 66, 89, 95, E8, F9, FF, FF, 8D, 85, F8, FD, FF, FF, 50, 6A, 00, 6A, 00, 6A, 1A, 6A, 00, FF, 15, 44, 20, 40, 00, 8D, 8D, F8, FD, FF, FF, 51, FF, 15, 50, 20, 40, 00, 68, 80, 20, 40, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 30, 20, 40, 00, 8D, 85, F8, FD, FF, FF, 50, E8, CC, FE, FF, FF, 83, C4, 04, 0F, B6, C8, 85, C9, 0F, 84, 40, 01, 00, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 34, 20, 40, 00, 89...

Developed / compiled with:
Microsoft Visual C++

Code size:
1024 Bytes (1,024 bytes)

Scheduled Task
Task name:
EPUpdater

Trigger:
Daily (Runs daily at 20:56)


The file babmaint.exe has been discovered within the following programs.

Bueno Chrome Toolbar  by Babylon Ltd
Bueno Chrome Toolbar is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
info.buenosearch.com
82% remove it
DaleSearch Chrome Toolbar  by Babylon Ltd
Uses the SearchGol Toolbar Platform. As part of the installation process of the Software, publisher may offer changes to your Internet Browser settings.
info.dalesearch.com
66% remove it
Delta Chrome Toolbar  by Visual Tools
Delta Chrome Toolbar is part of the Babylon toolbar system, a potentially unwanted program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
83% remove it
Doko Chrome Toolbar  by Babylon Ltd
Doko Chrome Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object.
82% remove it
MixiDJ chrome Toolbar  by Conduit Ltd.
MixiDJ chrome Toolbar is a Conduit web browser plugin for Chrome that collects and stores information about a user's web browsing habits and sends this information to Conduit in order to provide advertising.
MixiDJV30.OurToolbar.com
66% remove it
Only Chrome Toolbar  by Woolik technologies ltd
This ad- and search-supported toolbar/web browser extension is typically installed as an optional offer; users generally receive it bundled with third-party software.
85% remove it
Opti Chrome Toolbar  by Babylon Ltd
This is a potentially unwanted web browser extension that is designed to deliver search-based hijacking as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.
57% remove it
Search-Gol Chrome Toolbar  by Search-Gol
SearchGol Toolbar Platform is an ad-supported cross-browser plugin (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) for Internet Explorer (BHO) and Firefox/Chrome (plugin), distributed through various monetization platforms during installation.
info.searchgol.com
67% remove it
Tika Chrome Toolbar  by Babylon Ltd
Babylon's Tika Toolbar is a potentially unwanted ad-supported (adware) toolbar and web browser extension that will hijack the user's browser search page and provider in order to redirect searches to www.tika-search.com.
www.tika-search.com
79% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to DedLoadLM2200.babylon.com  (184.154.27.232:80)

TCP (HTTP):
Connects to utils1phx.babylon.com  (198.143.133.171:80)
