wmp11-windowsxp-x86-fr-fr.exe

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application wmp11-windowsxp-x86-fr-fr.exe by Babylon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from dl.babylon.com.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
0669b9ea66116fdc34fd5a23af97153e

SHA-1:
318fbaea6e55db80f9ea592a6f87ad28f699bf6b

SHA-256:
3f0c2c5ab7111113dc8addcd537b944466a561d0b1cb917bfbfdfa6f7003e4c4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 12:42:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon (M)
16.1.26.10

File size:
779.1 KB (797,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wmp11-windowsxp-x86-fr-fr.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/27/2012 1:00:00 AM

Valid to:
3/9/2014 12:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/5/2012 7:12:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Gq9ugyh9MCjdyTEUYCqiJ48NjphQh5b1D:z9udh9M2kJCiny5b9

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file wmp11-windowsxp-x86-fr-fr.exe has been seen being distributed by the following URL.

Remove wmp11-windowsxp-x86-fr-fr.exe - Powered by Reason Core Security