babylon10_setup_ns.exe

Babylon Setup

Babylon Software

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon10_setup_ns.exe by Babylon Software has been detected as adware by 2 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen downloaded from www.babylon.com and multiple other hosts.
Publisher:
Babylon Software Ltd.  (signed by Babylon Software)

Product:
Babylon Setup

Description:
Babylon Setup SE

Version:
9.2.0.0

MD5:
f1ebee9bf9b32f20dbb4669401a32fbb

SHA-1:
56c1527fb50e5c8c147f87307182e454384553a6

SHA-256:
580fa5f99ad1a6aa50545f1dcb913563222db2ae76c22bbc368280cbba81079e

Scanner detections:
2 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/24/2024 1:15:01 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Babylon.36 | 9.0.1.0191
Reason Heuristics | PUP.Babylon.BabylonSoftware.Installer (M) | 15.7.10.14

File size:
660.9 KB (676,720 bytes)

Product version:
9.2.0.0

Copyright:
Copyright © Babylon Software Ltd. 1997-2015

Original file name:
SetupStub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\babylon10_setup_ns.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/8/2014 5:30:00 AM

Valid to:
12/8/2016 5:29:59 AM

Subject:
CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B8E754BED548B30647F4329D78D3F91

File PE Metadata
Compilation timestamp:
4/19/2015 5:59:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:CZW7NvBqSEeQUQXc6j88L3I8pJd926h6E2Qgl9w8H+/9OLMGEV2MQgmv8:C6NvBqSEeQ3sC88L3I8pz92W6/wWPwGs

Entry address:
0x4EEF

Entry point:
E8, 46, 26, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, 4A, 41, 00, E8, 0B, 28, 00, 00, E8, A1, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, D9, 25, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 98, 1D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.9054  (probably packed)

Code size:
59.5 KB (60,928 bytes)

The file babylon10_setup_ns.exe has been seen distributed from the following 50 URLs.


Latest 30 of 440 download URLs
