BabylonTC.exe

BabylonTC

Ginger Software

The application BabylonTC.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. While running, it connects to the Internet address ba.gingersoftware.xglobe.net on port 80 using the HTTP protocol.
Publisher:
Ginger Software

Product:
BabylonTC

Version:
1.13.119

MD5:
ba7fb196c86a50c22fa7492fdc527390

SHA-1:
d9ed3b9619d284488a6b1a30585b224958580b47

SHA-256:
938386f6a1b023bdeb687d32a4e8027cbcbddc9f66361d2d5cf00084ba2ed95c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:28:14 AM UTC

Scan engine / Detection / Engine version:
Boost by Reason: Optional.GingerSoftware.J (engine version 188163)
Reason Heuristics: PUP.Babylon (engine version 16.2.1.13)

File size:
2.8 MB (2,886,144 bytes)

Product version:
1.13.119

Copyright:
Copyright (C) 2009

Original file name:
BabylonTC.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\babylon\babylon-pro\tc\babylontc.exe

File PE Metadata
Compilation timestamp:
1/24/2011 10:55:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:mxGrwTjjjbmj4rOVOf4kyjVbqI0AYfbms1WiVDj5vcTQT+K0eL2et3ARbv:CGrwnfbmnVtAeYfqPiVn5vyQ70

Entry address:
0x90BC0

Entry point:
8B, FF, 55, 8B, EC, E8, 36, CC, 00, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, A8, 98, 4E, 00, 68, 70, C6, 48, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 94, 53, 56, 57, A1, 68, 1B, 50, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, B8, C1, 4C, 00, C7, 45, FC, FE, FF, FF, FF, EB, 26, B8, 01, 00, 00, 00, C3, 8B, 65, E8, C7...

Entropy:
7.5272

Code size:
805 KB (824,320 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ba.gingersoftware.xglobe.net  (173.231.152.50:80)

TCP (HTTP):
Connects to www.gingersoftware.xglobe.net  (173.231.146.230:80)
