babmaint.exe

babmaint.exe is the maintenance task (EPUpdater) installed with a Babylon-branded web browser toolbar (search adware). The scheduled task checks that the toolbar's browser extensions for Chrome, Firefox and IE are still installed and that the home page and search provider are still set to the Babylon partner site. babmaint.exe has been detected as adware by 7 anti-malware scanners. It runs under the Windows Task Scheduler as a task named EPUpdater, triggered daily at a specified time. The file is typically installed by a number of programs, including Delta Chrome Toolbar by Visual Tools and Search-Gol Chrome Toolbar by Search-Gol, both potentially unwanted software. These toolbars display context-specific advertisements in the browser and attempt to modify the browser's search provider.
MD5:
71d490c463014e4fb88b8cba700b111e

SHA-1:
e0814d0f17ee1122f6d3507dc676030f8e1cc133

SHA-256:
93740a9bad63eae778ec6a603320beb084638fb3582436a3c9d516d0e51feb1c

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/26/2024 3:35:56 AM UTC

Scan engine         Detection                    Engine version
Boost by Reason     Optional.Task.I              188432
Dr.Web              Adware.Babylon.12            9.0.1.0329
ESET NOD32          Win32/Toolbar.Babylon        7.9190
Malwarebytes                                     v2014.02.11.10
NANO AntiVirus      Trojan.Win32.Babylon.csmnej  0.28.0.57630
Reason Heuristics   PUP.Babylon.Task.I           14.3.3.15
Rising Antivirus    PE:Malware.XPACK/RDM!5.1     23.00.65.131208

File size:
4.5 KB (4,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\babsolution\shared\babmaint.exe

File PE Metadata
Compilation timestamp:
6/6/2013 2:23:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
48:iCO9ww9h+wi2B4PPCICAJPzxG7oBzlll+eqFVyCSCdYS:m2w9swJ4RPPzxQolNzwyCtd

Entry address:
0x10D0

Entry point:
55, 8B, EC, 81, EC, 38, 08, 00, 00, 33, C0, 66, 89, 85, F8, FD, FF, FF, 33, C9, 66, 89, 8D, F0, FB, FF, FF, 33, D2, 66, 89, 95, E8, F9, FF, FF, 8D, 85, F8, FD, FF, FF, 50, 6A, 00, 6A, 00, 6A, 1A, 6A, 00, FF, 15, 44, 20, 40, 00, 8D, 8D, F8, FD, FF, FF, 51, FF, 15, 50, 20, 40, 00, 68, 80, 20, 40, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 30, 20, 40, 00, 8D, 85, F8, FD, FF, FF, 50, E8, CC, FE, FF, FF, 83, C4, 04, 0F, B6, C8, 85, C9, 0F, 84, 40, 01, 00, 00, 8D, 95, F8, FD, FF, FF, 52, FF, 15, 34, 20, 40, 00, 89...

Entropy:
4.0327

Code size:
1 KB (1,024 bytes)

Scheduled Task
Task name:
EPUpdater

Trigger:
Daily (Runs daily at 6:18 PM)


The file babmaint.exe has been discovered within the following programs.

DaleSearch Chrome Toolbar by Babylon Ltd
Uses the SearchGol Toolbar Platform. As part of the installation process of the software, the publisher may offer changes to your Internet browser settings.
info.dalesearch.com
66% of users remove it
Delta Chrome Toolbar by Visual Tools
Delta Chrome Toolbar is part of the Babylon toolbar system, a potentially unwanted program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
83% of users remove it
Hola Chrome Toolbar by Babylon Ltd
Hola Chrome Toolbar is part of the Babylon toolbar system and the Hola Toolbar Platform, a known adware program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
info.holasearch.com
82% of users remove it
MixiDJ Chrome Toolbar by Conduit Ltd.
MixiDJ Chrome Toolbar is a Conduit web browser plugin for Chrome that collects and stores information about a user's web browsing habits and sends this information to Conduit in order to serve advertising.
MixiDJV30.OurToolbar.com
66% of users remove it
Search-Gol Chrome Toolbar by Search-Gol
SearchGol Toolbar Platform is an ad-supported cross-browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin); users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements. It is distributed through various monetization platforms during installation.
info.searchgol.com
67% of users remove it
VisualBee Chrome Toolbar by VisualBee.com
VisualBee Chrome Toolbar is an ad-supported web browser plugin (users may see additional banner and in-text link advertisements) distributed through various monetization platforms during installation.
74% of users remove it
 
Powered by Should I Remove It?

When executed, the file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to utils1phx.babylon.com (198.143.133.171:80)
