babylon10_setup_ns.exe

Babylon Setup

Babylon Software

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application babylon10_setup_ns.exe by Babylon Software has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application and has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.

Publisher:
Babylon Software Ltd.  (signed by Babylon Software)

Product:
Babylon Setup

Description:
Babylon Setup SE

Version:
10.0.0.0

MD5:
35b1bd43e467a2c5fb79ae4abc99a4a7

SHA-1:
179d29f25b1585b5a1cd561e3317827062f40554

SHA-256:
619b3f8b8720e47cc28b178a1195b359bf802b14c5a2d99e310e3f12413873b6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/26/2024 11:01:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon.BabylonS.Installer (M)

Engine version:
16.4.19.10

File size:
667 KB (683,016 bytes)

Product version:
10.0.0.0

Copyright:
Copyright © Babylon Software Ltd. 1997-2016

Original file name:
SetupStub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\babylon10_setup_ns.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/7/2016 7:00:00 AM

Valid to:
12/8/2016 6:59:59 AM

Subject:
CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
239A3B3C27A1CA050CE5FAD7036B3EDE

File PE Metadata
Compilation timestamp:
4/7/2016 4:55:57 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:p8qblm4LRiiQiKiQvsGTVVSKmI0kLWWWiZ6/j5rmo93RHGh1m9:pllJLciE7gHKLWxiEbNZVJGh1m9

Entry address:
0x4EFA

Entry point:
E8, 8D, 02, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, A1, 04, 80, 41, 00, 83, E0, 1F, 6A, 20, 59, 2B, C8, 8B, 45, 08, D3, C8, 33, 05, 04, 80, 41, 00, 5D, C3, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, 42, 07, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, 10...
 

Entropy:
7.9036  (probably packed)

Code size:
61.5 KB (62,976 bytes)

The file babylon10_setup_ns.exe has been seen distributed from the following 41 URLs.

http://ppdjs.brothersoft.com/ppd_stat.php?url=/d.php?soft_id=48245&url=http://www.babylon.com/redirects/download.cgi?type=100&affID=115144&c=4b8eHWTOYu3aKrggEUzO rw3KS7DaoeqZ058KuuWKWaLx40u2HmkfcVlKXMUU3AxncG61yIGJH3S2UKHJRlK7WYv fv9a6jUJwS48BGIhxvdf9HjeUm9bGihdGjVV4aXY12RmV69mFrfsHB0qO5/.../NONZz1yC8tzBnDjm32ggU5CPYBo2yqNyJgtxM

http://www.babylon-software.com/.../download.cgi?type=100&d=8c94632d3ce50cfe640072709c324cde&hclink=1

http://www.babylon.com/.../download.cgi?type=100&d=65cbca0e541b8f4e0765b81e4edf3130

http://www.babylon-software.com/.../download.cgi?type=7404&d=77400bc7482222bfc0fda1910d1405a8&hclink=1
