uninstbb.exe

Babylon Ltd.

uninstbb.exe is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application uninstbb.exe by Babylon has been detected as adware by 2 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. While running, it connects to the Internet address DedLoadLM2200.babylon.com on port 80 using the HTTP protocol.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
dd382c20276dc7ac6284e27573b83fde

SHA-1:
6e346394f8e2ecc8af95b514d3d5565ad9f51350

SHA-256:
49dfb501642c26ef7c280f9f7d84fb6129916eeb3608e00d3c54fb7089b4c909

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/6/2024 7:55:02 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 3582
Reason Heuristics | PUP.Babylon.I | 14.8.7.19

File size:
297.2 KB (304,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\babylon\babylon-pro\utils\uninstbb.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/25/2008 2:00:00 AM

Valid to:
3/4/2009 1:59:59 AM

Subject:
CN=Babylon Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
2DCCFE07B39A48CC9D8AF0E260C1FBCF

File PE Metadata
Compilation timestamp:
3/11/2008 9:12:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:5DIuUhRgcsVHMDpbwRS13f9G1DDjozCXWE/JSZzxPyuiAnUjPe13tiVNNJDButX9:5vhcsVKpbzG1H2e4ZzviPstunjY9

Entry address:
0x20C52

Entry point:
E8, 34, 85, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 34, B3, 44, 00, 00, 74, 05, E9, EA, 85, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24...
 

Entropy:
6.2168

Code size:
196.5 KB (201,216 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to DedLoadLM2200.babylon.com  (184.154.27.235:80)

TCP (HTTP):
Connects to LB2200.babylon.com  (69.175.64.72:80)

TCP (HTTP):
Connects to sh3srv1.babylon.com  (198.143.128.241:80)

TCP (HTTP):
Connects to ba-sh-us-dc1-020.babsft.com  (69.175.51.134:80)

TCP (HTTP):
Connects to ba-sh-nl-dc1-007.babsft.com  (198.20.106.254:80)

TCP (HTTP):
Connects to ba-sh-nl-dc1-.005.com  (198.20.96.179:80)

TCP (HTTP):
Connects to ba-sh-nl-dc-006.babsft.com  (107.6.141.14:80)
