babylon10_setup_ns.exe

Visual Tools Client Setup 1.0

Babylon Software

babylon10_setup_ns.exe ("Visual Tools Client Setup", published under the name Visual Tools Ltd. and code-signed by Babylon Software) is the installer for the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS and home page settings. It has been flagged as adware by 1 of 68 anti-malware engines (Reason heuristics, PUP.Babylon). As a setup and installation application it is known to bundle potentially unwanted software; once installed, the toolbar displays context-specific advertisements in the browser and attempts to change the browser's search provider. Note that a valid Authenticode signature (see the Digital Signature section below) says only who signed the file, not whether its behaviour is wanted.
Publisher:
Visual Tools Ltd.  (signed by Babylon Software)

Product:
Visual Tools Client Setup 1.0

Description:
Visual Tools Client Setup

Version:
1.0.5.0

MD5:
cc22ddb6e5fda2b1351bb04c5ec2dd8b

SHA-1:
6b7c856dc58b433108835e455359b941967b9ebb

SHA-256:
944c739413547f34580b567c533a1d8d9d8cb8bb3449e6eedba1a5e1c5639148

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/24/2024 5:02:46 PM UTC

Scan engine          Detection          Engine version
Reason Heuristics    PUP.Babylon (M)    16.9.4.17

File size:
707.4 KB (724,336 bytes)

Copyright:
2011(c) Visual Tools Ltd. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\babylon10_setup_ns.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/8/2014 2:00:00 AM

Valid to:
12/8/2016 1:59:59 AM

Subject:
CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B8E754BED548B30647F4329D78D3F91

File PE Metadata
Compilation timestamp:
10/22/2014 10:00:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:wPTM7Cmso5YjHK9rZ27aZDemAynwDlnAfrv/jpS4fSJ+N9wSMK/hr8p3:wI71soyj+rZ2mDrv/jpS4fMt/68p3

Entry address:
0x2703

Entry point:
E8, 10, 1D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 3A, 41, 00, E8, C7, 1E, 00, 00, E8, EC, 01, 00, 00, 0F, B7, F0, 6A, 02, E8, A3, 1C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 84, 16, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
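The PE metadata fields listed above (compilation timestamp, OS version, subsystem, linker version, entry address, entry-point bytes, code size) are all read from the file's DOS, COFF and optional headers. The script below is an added example, not code from the page or from Babylon Software: it parses a PE32 image with only the standard library, maps the entry RVA to a file offset through the section table, dumps the first bytes at the entry point, and reports whether the security data directory (index 4, where an Authenticode signature lives) is populated. For the listed entry bytes, the comparisons against 5A4Dh ("MZ") and 00004550h ("PE\0\0") at the hard-coded image base 0x400000 are the image-header sanity check of the Visual C++ 2012 CRT startup, which matches the listed linker version 11.0. The test image built inline is a constructed minimal PE that reproduces the listing's header values, not the real sample; the field offsets come from the PE/COFF specification.

```python
import datetime
import struct

PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# First 32 entry-point bytes copied from the listing above; used only to
# populate the constructed test image built by build_test_image().
LISTED_ENTRY_PREFIX = bytes.fromhex(
    "E8101D0000E900000000" "6A1468483A4100E8C71E0000E8EC0100000FB7F06A02"
)


def rva_to_offset(rva: int, sections: list) -> int:
    """Translate a relative virtual address to a file offset via the section table."""
    for name, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize) and rva - va < rawsize:
            return rawptr + (rva - va)
    raise ValueError(f"RVA 0x{rva:X} is not backed by any section's raw data")


def parse_pe(data: bytes, entry_bytes: int = 32) -> dict:
    """Extract the header fields a listing like the one above reports (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"unsupported optional header magic 0x{magic:X} (PE32 only)")
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is a raw file offset, not an
    # RVA; a zero entry means the image carries no Authenticode certificate table.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    sec_tbl = opt + opt_size
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_tbl + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
    entry_off = rva_to_offset(entry_rva, sections)
    compiled = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "machine": f"0x{machine:X}",
        "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "image_base": image_base,
        "entry_rva": entry_rva,
        "entry_file_offset": entry_off,
        "entry_bytes": data[entry_off:entry_off + entry_bytes].hex(" ").upper(),
        "code_size": size_of_code,
        "signed": sec_off != 0 and sec_size != 0,
        "sections": [s[0] for s in sections],
    }


def build_test_image() -> bytes:
    """Constructed minimal PE32 (not the real sample) with one .text section,
    reproducing the listed header values: linker 11.0, OS 5.1, GUI, entry 0x2703."""
    entry_rva, text_va, text_raw, text_size = 0x2703, 0x1000, 0x200, 0x1800
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    ts = int(datetime.datetime(2014, 10, 22, 10, 0, 48, tzinfo=datetime.timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 11, 0)      # magic, linker 11.0
    struct.pack_into("<I", opt, 4, 52736)                    # SizeOfCode from the listing
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 1)                   # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                       # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_va, text_size,
                       text_raw, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(text_raw, b"\0")
    text = bytearray(text_size)
    off = entry_rva - text_va
    text[off:off + len(LISTED_ENTRY_PREFIX)] = LISTED_ENTRY_PREFIX
    return headers + bytes(text)


if __name__ == "__main__":
    for key, value in parse_pe(build_test_image()).items():
        print(f"{key:>18}: {value}")
```

To run it on a real download, replace `build_test_image()` with `open(path, "rb").read()`; a file that reports `signed: True` still needs its certificate chain and hash validated (for example with `Get-AuthenticodeSignature` or `signtool verify`) before the signer name is trusted.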

Entropy:
7.8243  (probably packed)
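The hashes, file size and entropy above are the identity and packing indicators a responder checks first: the digests confirm a local copy is the same artifact, and Shannon entropy near the 8.0 bits/byte maximum indicates compressed or encrypted content, which is expected for a self-extracting installer and is why the listing says "probably packed". The script below is an added example, not code from the page: it computes the three digests and whole-file entropy with the standard library and compares them against the listed values. The 7.2 bits/byte packing threshold is an assumed heuristic, not a value from the page; the sample inputs in `__main__` are constructed buffers, not the real file.

```python
import hashlib
import math
from collections import Counter

# Indicators copied from the listing above.
LISTED_HASHES = {
    "md5": "cc22ddb6e5fda2b1351bb04c5ec2dd8b",
    "sha1": "6b7c856dc58b433108835e455359b941967b9ebb",
    "sha256": "944c739413547f34580b567c533a1d8d9d8cb8bb3449e6eedba1a5e1c5639148",
}
LISTED_SIZE = 724_336        # bytes
LISTED_ENTROPY = 7.8243      # bits per byte, whole file

# Assumed heuristic: ordinary compiled code and data rarely exceed ~7.2 bits/byte,
# while compressed or encrypted payloads approach the 8.0 maximum.
PACKED_THRESHOLD = 7.2


def file_hashes(data: bytes) -> dict:
    """Compute the three digests the listing publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for
    uniformly distributed byte values."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def triage(data: bytes, listed: dict = LISTED_HASHES, size: int = LISTED_SIZE) -> dict:
    """Compare a blob against the listed indicators and apply the packing heuristic."""
    digests = file_hashes(data)
    ent = shannon_entropy(data)
    return {
        "size_ok": len(data) == size,
        "matches_listing": digests == listed,
        "sha256": digests["sha256"],
        "entropy": round(ent, 4),
        "probably_packed": ent >= PACKED_THRESHOLD,
    }


def triage_file(path: str) -> dict:
    """Run triage() over a file on disk, e.g. the downloaded installer."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    # Constructed inputs, not the real sample: a zero-filled buffer and a buffer
    # containing every byte value equally often (the two entropy extremes).
    samples = {"zeros": bytes(4096), "uniform": bytes(range(256)) * 16}
    for name, blob in samples.items():
        print(name, triage(blob))
```

Whole-file entropy is a coarse signal: a signed installer with an appended certificate table and a compressed payload scores high even when its own code section is unpacked, so per-section entropy from the PE section table is the better discriminator when deciding whether to unpack before static analysis.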

Code size:
51.5 KB (52,736 bytes)

The file babylon10_setup_ns.exe has been observed being distributed from the following URL:

http://www.babylon.com/.../download.cgi?type=100&d=e680921fc6e8bdfd8a1b64b208fe4c0e

Remove babylon10_setup_ns.exe - Powered by Reason Core Security