babylon10_setup_ns.exe

Babylon Setup

Babylon Software Ltd.

The application babylon10_setup_ns.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from www.babylon-software.com.
Publisher:
Babylon Software Ltd.

Product:
Babylon Setup

Description:
Babylon Setup SE

Version:
10.0.0.0

MD5:
9901f9a6b7af9ca81741b95c9350aff2

SHA-1:
2c4eaffa8946c94971ee8e6b3ce8aae6d6c0306f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/26/2024 11:23:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon.Optional.Installer.Meta (M)

Engine version:
16.7.1.13

File size:
840.5 KB (860,638 bytes)

Product version:
10.0.0.0

Copyright:
Copyright © Babylon Software Ltd. 1997-2016

Original file name:
SetupStub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\helsbs\meus documentos\downloads\babylon10_setup_ns.exe

File PE Metadata
Compilation timestamp:
5/8/2016 10:46:18 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:98qbl5uLRLEL1zAbPDQ5gFrni6DYjwr3jKrs5HLlP+BnmSOGIYQj4XrqcF6cpKH5:9ll8LmL61vzKrgHhIiJLQg7HF5uuzVr

Entry address:
0x1F000

Entry point:
90, 68, 4E, 38, 44, 01, 58, 90, BE, 24, F0, 41, 00, 90, BF, 98, 05, 00, 00, 90, 90, FF, 34, 3E, 31, 04, 24, 8F, 04, 3E, 90, 90, 83, EF, 02, 83, EF, 02, 75, ED, A6, 45, 45, 01, 4E, 38, 44, 01, 4E, 38, 04, 01, B4, 76, 44, 01, 46, 52, 4E, 01, 90, 49, 4E, 01, 4E, 88, 46, 01, 4F, 38, 44, 01, 46, 28, 05, 01, CA, 53, 05, 01, DC, 53, 05, 01, 82, 6B, 45, 01, CC, 53, 45, 01, DE, 53, 45, 01, 46, C2, 44, 01, CC, 53, 45, 01, DE, 53, 45, 01, 4E, 38, 44, 01, 4E, 38, 44, 01, 4E, 38, 44, 01, 4E, 38, 44, 01, 4E, 38, 44, 01...
 

Code size:
61.5 KB (62,976 bytes)

The file babylon10_setup_ns.exe has been seen being distributed by the following URL.
