setup.exe

Setup Module

Babylon Ltd.

This is the installer for the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS settings, and home page. The executable setup.exe (“Setup Application”, Babylon Ltd.) has been flagged as adware or a potentially unwanted application by 20 of 68 anti-malware engines. Once installed, the toolbar displays context-specific advertisements in the browser and attempts to change the browser's search provider. The installer is typically executed from a randomly named .tmp subdirectory of the user's temporary directory. It carries a Thawte-issued code-signing signature for Babylon Ltd. that verifies, so a valid signature alone is not evidence that the file is benign; note also that the signing certificate expired in March 2016, so on a current system the signature only continues to validate if it carries a trusted countersignature timestamp.
Publisher:
Babylon Ltd. (signed and verified)

Product:
Setup Module

Description:
Setup Application

Version:
9.1.3.15

MD5:
e9bec56dcf3973485641f699f02f7e3e

SHA-1:
ef31aac7183bed1fd3169dd2e20862b41b485ec7

SHA-256:
6a33aec4218a1f032ac8491b3b0470c4c3f22215ffc88f7e1f458c9d797852fd

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/24/2024 11:50:40 AM UTC

Scan engine                   Detection                                                 Engine version
AhnLab V3 Security            Win32/Kashu.E                                             2014.07.24
avast!                        Win32:Kukacka                                             2014.9-150919
Baidu Antivirus               Adware.Win32.Bbylon                                       4.0.3.15919
Bkav FE                       W32.Clod2b6.Trojan                                        1.3.0.4562
Comodo Security               Application.Win32.Babylon.id                              17372
Dr.Web                        Adware.Searcher.2861                                      9.0.1.0262
ESET NOD32                    Win32/Toolbar.Babylon.AD potentially unwanted application 9.7.0.302.0
Fortinet FortiGate            Riskware/Babylon                                          9/19/2015
K7 AntiVirus                  Virus                                                     13.181.12819
Malwarebytes                                                                            v2015.09.19.03
Microsoft Security Essentials Threat.Undefined                                          1.179.842.0
Norman                        Sality.ZHB                                                11.20150919
Qihoo 360 Security            Malware.QVM19.Gen                                         1.0.0.1015
Reason Heuristics             PUP.Babylon.Installer (M)                                 15.9.19.15
Rising Antivirus              PE:Win32.KUKU.kj!1522176                                  23.00.65.15917
SUPERAntiSpyware              Trojan.Agent/Gen-Nullo[Short]                             9620
Trend Micro House Call        TROJ_GEN.F47V0927                                         7.2.262
Trend Micro                   PE_SALITY.RL                                              10.465.19
Vba32 AntiVirus               suspected of Trojan.Downloader.gen                        3.12.24.3
VIPRE Antivirus               Threat.4721115                                            31208

File size:
1.1 MB (1,190,448 bytes)

Product version:
9.1.3.15

Copyright:
Copyright © Babylon Ltd. 1997-2014

Original file name:
Setup32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/12/2014 12:00:00 AM

Valid to:
3/7/2016 11:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3CB79EE8B7A32A0263FE5D13CC5291

File PE Metadata
Compilation timestamp:
3/12/2014 12:02:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:GFwVxL6UdB8uJtjyBT0F7HRYm4fIH4yAHrgQOMeb+4:GWxe8B8Utg03YnBNHrgQLeb+4

Entry address:
0x6450F

Entry point:
E8, 76, C1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, 0E, 4B, 00, E8, CB, FB, FF, FF, E8, 11, 2E, 00, 00, 0F, B7, F0, 6A, 02, E8, 09, C1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FB, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
5.6769

Code size:
538 KB (550,912 bytes)
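The hashes, common path, PE metadata and entropy listed above are the indicators a responder would actually check against a suspect file. The following script is an added example for this page, not code from the page or from Babylon: it recomputes the file hashes and compares them with the SHA-256 listed above, matches the file's location against the reported %TEMP%\{random}.tmp\setup.exe drop path, parses the PE32 header fields shown under "File PE Metadata" (compile timestamp, linker version, entry-point RVA, OS version, subsystem), and measures Shannon entropy, where the page's 5.6769 bits per byte is in the range of ordinary unpacked code rather than the near-8.0 values a packed or encrypted image would show. The sample PE header built by `build_sample_pe()` is constructed for the demonstration and is not the real setup.exe; it carries the page's metadata values, and the compile timestamp is treated as UTC, which the page does not state.

```python
"""Triage helper for a suspect installer such as the setup.exe described above.

Added example, not part of the original page or Babylon's code. The sample PE
bytes below are constructed for the demo; they are not the real setup.exe."""
import hashlib
import math
import re
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Indicators copied from the page (setup.exe, Setup Module 9.1.3.15).
KNOWN_HASHES = {
    "md5": "e9bec56dcf3973485641f699f02f7e3e",
    "sha1": "ef31aac7183bed1fd3169dd2e20862b41b485ec7",
    "sha256": "6a33aec4218a1f032ac8491b3b0470c4c3f22215ffc88f7e1f458c9d797852fd",
}

# The page's common path: C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe
TEMP_DROP_PATH = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\setup\.exe$",
    re.IGNORECASE,
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the raw file, as listed on the page."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_temp_drop_path(path: str) -> bool:
    """True when the file sits in the reported %TEMP%\\{random}.tmp location."""
    return bool(TEMP_DROP_PATH.match(path))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0. Values near 8 point at packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data: bytes) -> dict:
    """Extract the fields shown under 'File PE Metadata' from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER32 follows the 20-byte COFF header
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]       # Subsystem
    return {
        "machine": hex(machine),
        "sections": nsections,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker": f"{major_linker}.{minor_linker}",
        "entry_rva": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
    }


def triage(data: bytes, path: str) -> dict:
    """Combine the checks; the SHA-256 match is the one to act on (MD5/SHA-1 are collidable)."""
    hashes = file_hashes(data)
    return {
        "hashes": hashes,
        "known_sample": hashes["sha256"] == KNOWN_HASHES["sha256"],
        "temp_drop": is_temp_drop_path(path),
        "entropy": round(shannon_entropy(data), 4),
        "pe": parse_pe_header(data),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (not a runnable program) carrying the page's
    metadata: linker 11.0, OS 5.1, GUI subsystem, entry 0x6450F, compiled
    3/12/2014 12:02:16 (assumed UTC here)."""
    ts = int(datetime(2014, 3, 12, 12, 2, 16, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 11, 0)
    struct.pack_into("<I", opt, 16, 0x6450F)
    struct.pack_into("<HH", opt, 40, 5, 1)
    struct.pack_into("<H", opt, 68, 2)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # triage a real file: python triage.py <path>
        with open(sys.argv[1], "rb") as fh:
            sample, location = fh.read(), sys.argv[1]
    else:  # constructed sample and a hypothetical drop path
        sample = build_sample_pe()
        location = r"C:\Users\alice\AppData\Local\Temp\is-ABC12.tmp\setup.exe"
    for key, value in triage(sample, location).items():
        print(f"{key}: {value}")
```

Run it against a real file with the path as the single argument; without arguments it triages the constructed header. The PE parser only reads the header, so an 8 KB prefix is enough to recover the metadata, while the hashes and entropy must be computed over the whole file to be comparable with the values on the page.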

Powered by Reason Core Security