babylon.exe

Babylon Client

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension, which will modify the browser's default search provider, DNS, and home page functions. The application babylon.exe, “Babylon Information Tool” by Babylon, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘Babylon Client’. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client

Description:
Babylon Information Tool

Version:
10.0.3.2

MD5:
171cd253148acb799529e69b205108df

SHA-1:
fa6784c65746e4ef4026e8f2bf8023ef909fcc0e

SHA-256:
519b70b5aad9ddd780daadae217e8b88bf4c64d996ef068abc92a1d7de5e7207

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 1:02:34 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon (M)

Engine version:
16.2.28.11

File size:
3.4 MB (3,574,864 bytes)

Product version:
10.0.3.2

Copyright:
Copyright © Babylon Ltd. 1997-2014

Original file name:
babylon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\babylon\client\babylon.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/12/2014 5:30:00 AM

Valid to:
3/8/2016 5:29:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3CB79EE8B7A32A0263FE5D13CC5291

File PE Metadata
Compilation timestamp:
11/19/2014 6:51:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:hCxh13IwAcIA2KmUQNj+DkIcbf26F/JW5NS:hCl37AcIA2KmUQNj+V4f2q

Entry address:
0xE9060

Entry point:
E8, A5, FA, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, CE, 90, 4E, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, D0, 9D, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
Entropy:
6.3802

Packer / compiler:
PEQuake V0.06

Code size:
2.3 MB (2,408,448 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Babylon Client

Command:
C:\Program Files\babylon\client\babylon.exe -autostart

