babylon10_setup.exe

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon10_setup.exe by Babylon has been detected as adware by 10 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from www.babylon.com and multiple other hosts.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
dacaafa58dd6bc5397f20425f41854e0

SHA-1:
a0a4c93a4ffa0775fe1b5afbb2d75e50ecf5f8e7

SHA-256:
95ced2d7eb44bbf7be30b7c14a4d7e2bcecb55a13b9692d30dd58d0d5fa55005

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/25/2024 12:29:11 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Agent | 7.1.1
Baidu Antivirus | Adware.Win32.Bbylon | 4.0.3.131219
Bkav FE | W32.Clodcfc.Trojan | 1.3.0.4613
Dr.Web | Adware.Babylon.10 | 9.0.1.0353
ESET NOD32 | Win32/Toolbar.Babylon (variant) | 7.9190
Malwarebytes | | v2013.12.19.06
NANO AntiVirus | Trojan.Win32.Babylon.csuksh | 0.28.0.58873
Reason Heuristics | PUP.Installer.Babylon.P | 14.8.7.19
Trend Micro House Call | TROJ_GEN.F47V1103 | 7.2.353
Vba32 AntiVirus | suspected of Trojan.Downloader.gen | 3.12.24.3

File size:
712.6 KB (729,680 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\babylon10_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/26/2012 9:00:00 PM

Valid to:
3/8/2014 8:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
6/16/2013 8:48:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:R5N1j+I91Uq7zkanpKTqEn694USct5IJR54VPuO0xTvIrjK7VJ:bVHDkanp2694U8X5202MP

Entry address:
0x1595

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file babylon10_setup.exe has been seen being distributed by the following 19 URLs.

http://www.babylon.com/.../download.cgi?type=100&d=c716515c2bab0579df626f174e3cb3c3

http://www.babylon.com/.../download.cgi?type=100&d=8abfd4eabf4034999aa3f35ba7c68e26

http://www.babylon.com/.../download.cgi?type=100&d=8f9f2d1338570b406b973e780ee73d3d
