eng_ger_eng.exe

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application eng_ger_eng.exe by Babylon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
e1de2711e38a65edcbb603bfb20f639f

SHA-1:
627fcdd1926563c0d52bb8f7727546aad512c724

SHA-256:
8e1427649fc808ee236eeaae269d26766b2e9d2b750b794fc9ca33fb380717be

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/24/2024 11:58:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon (M)
17.2.18.18

File size:
11.9 MB (12,471,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/22/2005 1:26:56 PM

Valid to:
2/22/2006 1:26:56 PM

Subject:
CN=Babylon Ltd., OU=Secure Application Development, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
3F04DE

File PE Metadata
Compilation timestamp:
3/16/2003 7:41:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x4046

Entry point:
83, EC, 0C, 53, 55, 56, 57, FF, 15, C0, 70, 40, 00, 8B, 35, 90, 92, 40, 00, 05, E8, 03, 00, 00, 89, 44, 24, 14, B3, 20, FF, 15, 2C, 70, 40, 00, BF, 00, 04, 00, 00, 68, 60, BF, 42, 00, 57, FF, 15, 5C, 71, 40, 00, 57, FF, 15, B8, 70, 40, 00, 50, FF, 35, 90, 92, 40, 00, FF, 15, B4, 70, 40, 00, 80, 3E, 22, 75, 04, 80, C3, 02, 46, 8B, 2D, 14, 72, 40, 00, EB, 09, 3A, C3, 74, 0B, 56, FF, D5, 8B, F0, 8A, 06, 84, C0, 75, F1, 56, FF, D5, 8B, D8, 89, 5C, 24, 18, EB, 05, 53, FF, D5, 8B, D8, 80, 3B, 20, 74, F6, 80, 3B...
 
[+]

Entropy:
7.9994

Packer / compiler:
Nullsoft Install System v2.0b2, v2.0b3

Code size:
23.5 KB (24,064 bytes)

Remove eng_ger_eng.exe - Powered by Reason Core Security