mybabylontb.exe

Babylon Client Setup 1.0

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application mybabylontb.exe, “Babylon Client Setup” by Babylon, has been detected as adware by 43 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program Arquivo171212 by Arquivo. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client Setup 1.0

Description:
Babylon Client Setup

Version:
1.0.8.0

MD5:
77dfb27d68ce46659a3d5e93410c0b75

SHA-1:
1103b0b81c5410132695e0078186b9e457efec62

SHA-256:
650f680b88ed07ee0a0ddc2ca3732498e6f2807d64d225f03a75e2f014772e8f

Scanner detections:
43 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/5/2024 6:52:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Parite.B | 911 |
| AegisLab AV Signature | W32.Sality | 2.1.4+ |
| Agnitum Outpost | Win32.Parite.B | 7.1.1 |
| AhnLab V3 Security | Win32/Parite | 2014.07.18 |
| Avira AntiVirus | W32/Parite | 7.11.30.172 |
| avast! | Win32:Parite | 2014.9-140807 |
| AVG | Win32/Parite | 2015.0.3389 |
| Baidu Antivirus | Virus.Win32.Parite.$b | 4.0.3.1487 |
| Bitdefender | Win32.Parite.B | 1.0.20.1095 |
| Bkav FE | W32.Clod8f1.Trojan | 1.3.0.4613 |
| Boost by Reason | Optional.Babylon.L | 188838 |
| Clam AntiVirus | Heuristics.W32.Parite.B | 0.98/19185 |
| Comodo Security | UnclassifiedMalware | 17579 |
| Dr.Web | Adware.Babylon.8 | 9.0.1.044 |
| Emsisoft Anti-Malware | Win32.Parite | 8.14.08.07.07 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 7.8930 |
| Fortinet FortiGate | W32/Parite.B | 8/7/2014 |
| F-Prot | W32/Parite.B | v6.4.6.5.141 |
| F-Secure | Win32.Parite.B | 11.2014-07-08_5 |
| G Data | Win32.Parite | 14.8.24 |
| IKARUS anti.virus | Virus.Parite | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.180.12763 |
| Kaspersky | Virus.Win32.Parite | 14.0.0.3441 |
| Malwarebytes | | v2013.11.25.03 |
| McAfee | W32/Pate.b | 5600.7045 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.317.0 |
| MicroWorld eScan | Win32.Parite.B | 15.0.0.657 |
| NANO AntiVirus | Riskware.Win32.Babylon.craswq | 0.28.0.57029 |
| Norman | Pinfi.A | 11.20140807 |
| nProtect | Virus/W32.Parite.C | 14.07.17.01 |
| Panda Antivirus | W32/Parite.B | 14.08.07.07 |
| Qihoo 360 Security | Virus.Win32.Parite.H | 1.0.0.1015 |
| Quick Heal | W32.Perite.A | 8.14.14.00 |
| Reason Heuristics | PUP.Installer.Babylon.L | 14.8.7.19 |
| Rising Antivirus | PE:Win32.Parite.b!16043 | 23.00.65.14805 |
| Sophos | W32/Parite-B | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435 |
| Total Defense | Win32/Pinfi.A | 37.0.11065 |
| Trend Micro House Call | HV_ZYX_CB2402E8.TOMC | 7.2.363 |
| Trend Micro | PE_PARITE.A | 10.465.07 |
| Vba32 AntiVirus | Virus.Win32.Parite.b | 3.12.26.3 |
| VIPRE Antivirus | Babylon | 22470 |
| ViRobot | Win32.Parite.A | 2011.4.7.4223 |

File size:
878.1 KB (899,224 bytes)

Copyright:
2011(c) Babylon Ltd. All rights reserved.

Original file name:
Setup_Stub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mybabylontb.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/26/2012 4:00:00 PM

Valid to:
3/8/2014 3:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/4/2012 10:12:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:eFYstLjknj06BM7Ro5YoFCKIl8FBQd0zZXP:ebqn4AcodIkzZXP

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 

Entropy:
7.9884

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file mybabylontb.exe has been discovered within the following program.

Arquivo171212  by Arquivo
About 4% of users remove it
 

The file mybabylontb.exe has been seen being distributed by the following 5 URLs.

http://dl.babylon.com/files/.../MyBabylonTB.exe
