babylon10_setup_ns.exe

Babylon Setup

Babylon Software

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon10_setup_ns.exe by Babylon Software has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.

Publisher:
Babylon Software Ltd. (signed by Babylon Software)

Product:
Babylon Setup

Description:
Babylon Setup SE

Version:
10.0.0.0

MD5:
7febb2f029a8af648ea447c626e509d3

SHA-1:
f9b3051cd01c9048deab1efa2aafd46c07684373

SHA-256:
8f3028a1e16d20e887df01ae8a1e2717ab483080d5192e11eba6cb7fd93adb19

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/24/2024 11:52:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon.BabylonS.Installer (M)

Engine version:
16.5.10.16

File size:
666.5 KB (682,504 bytes)

Product version:
10.0.0.0

Copyright:
Copyright © Babylon Software Ltd. 1997-2016

Original file name:
SetupStub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\babylon10_setup_ns.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/7/2016 1:00:00 AM

Valid to:
12/8/2016 12:59:59 AM

Subject:
CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
239A3B3C27A1CA050CE5FAD7036B3EDE

File PE Metadata
Compilation timestamp:
5/8/2016 2:46:18 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:48qblmVLRLEL1zAbPDQ5gFrni6DYjwr3jKrs5HLlP+BnmSOGIYQj4XrqcF6cpf:4llwLmL61vzKrgHhIiJLQgs

Entry address:
0x4EFA

Code size:
61.5 KB (62,976 bytes)

The file babylon10_setup_ns.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 361 download URLs
