MyClaroTB.exe

Babylon Ltd.

MyClaroTB.exe is part of the Babylon web browser toolbar and extension, which will modify the browser's default search provider, DNS, and home page functions. The application MyClaroTB.exe by Babylon has been detected as adware by 5 anti-malware scanners. It is a setup program used to install the application. The application will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from dl.cdn-services.com.

Publisher:
Babylon Ltd.  (signed and verified)

MD5:
64aa04695e70ba743150b36c98c61181

SHA-1:
b9d6b26ed0730768442ac8568d7827992d8deba9

SHA-256:
402753d0152d710e038aa857b01757ffb5864b8e225a6773c908d75d4ed9ae1c

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/25/2024 3:16:38 AM UTC

Scan engine        Detection              Engine version
Boost by Reason    Adware.Babylon.J       2013.8.29.4
Dr.Web             Adware.Toolbar.146     9.0.1.0331
ESET NOD32         Win32/Toolbar.Babylon  7.9190
Reason Heuristics  PUP.Babylon.J          14.8.7.19
VIPRE Antivirus    Babylon                24658

File size:
867.1 KB (887,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\myclarotb.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/26/2012 4:00:00 PM

Valid to:
3/8/2014 3:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/4/2012 10:12:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:cMhheX9AvJ8MDlHzvQJTFRE1VdX+Nw6Bd:cMzeXOJ1Bkpw1Vj6b

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 

Entropy:
7.9958

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file MyClaroTB.exe has been seen being distributed by the following URL.
