delta babylon.exe

Visual Tools

The application delta babylon.exe by Visual Tools has been detected as adware by 9 anti-malware scanners. It is a setup program used to install the application. The file is typically installed with the program Open Downloader Manager by Installer Technology Co, which is a potentially unwanted software program. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from software.onekit.com and multiple other hosts.
Publisher:
Visual Tools  (signed and verified)

MD5:
e8efb9ef24c1e0ced84cfa3c2ae9dc2f

SHA-1:
0a0209d0147c0907989cbec433e08a4503d4180d

SHA-256:
e7191cf365d04bfe5c00d0becf7e1c976dd6a5972449044be0aa50bca115d1b0

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/26/2024 9:53:28 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Babylon | 2014.01.04 |
| Bkav FE | W32.Clodd0b.Trojan | 1.3.0.4613 |
| Dr.Web | Adware.Toolbar.175 | 9.0.1.0353 |
| ESET NOD32 | Win32/Toolbar.Babylon | 7.9249 |
| Malwarebytes | | v2013.12.19.02 |
| NANO AntiVirus | Riskware.Win32.Babylon.craswq | 0.28.0.57029 |
| Reason Heuristics | PUP.VisualTools.N | 14.8.7.21 |
| Rising Antivirus | PE:Trojan.Win32.Generic.15816E51!360803921 | 23.00.65.131217 |
| VIPRE Antivirus | Babylon | 25068 |

File size:
764.5 KB (782,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\proshow_gold__isongold451_3003_exe_194\software\delta babylon.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/10/2013 1:00:00 AM

Valid to:
1/11/2015 12:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
3/13/2013 12:56:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ZcnX93dIPsM6cQplk3Wgk+k3esYG78zfhEN8DK4slK/6l7ws+YTOJf/Pz6GdLzoJ:ZcXpejuplkmQk3exlm8DUw/cNaJf/PeJ

Entry address:
0x15A7

Entry point:
55, 8D, AC, 24, 40, F6, FF, FF, 81, EC, 3C, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C5, 89, 85, BC, 09, 00, 00, 53, 56, 33, DB, 57, 8D, 75, 88, 88, 5D, 87, C6, 45, 86, 01, E8, AD, 05, 00, 00, 53, 89, 9D, DC, 01, 00, 00, 89, 9D, E0, 01, 00, 00, 89, 9D, E4, 01, 00, 00, C7, 85, E8, 01, 00, 00, 03, 00, 00, 00, FF, 55, C4, 89, 85, D8, 01, 00, 00, 8B, C6, E8, FD, F9, FF, FF, 3B, C3, 0F, 85, 0A, 01, 00, 00, 8D, 85, EC, 01, 00, 00, 50, 8B, FE, E8, 35, FF, FF, FF, 8B, F8, 3B, FB, 0F, 85, C0, 00, 00, 00, 33, FF, 66, 39...
 

Code size:
11.5 KB (11,776 bytes)

The file delta babylon.exe has been discovered within the following program.

Open Downloader Manager  by Installer Technology Co
ODM is a download manager that plugs into various web browsers (IE, Chrome and Firefox). The installer is designed to bundle various additional offers, including toolbars and other potentially harmful programs.
opendownloadmanager.com
73% remove it
 

The file delta babylon.exe has been seen being distributed by the following 11 URLs.

http://software.onekit.com/software/ofertas/.../DeltaTB.exe

http://www.downloadtastic.com/.../delta.exe

http://dl.babylon.com/files/prtnrp/.../DeltaTB.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/DeltaToolbar/.../DeltaTB.exe
