» 080514_h.exe
Overview
Analysis
File Details

080514_h.exe

The application 080514_h.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.

File name:

080514_h.exe

MD5:

e2d47f11a0f278e308929c04d1cc1e13

SHA-1:

bd53f1056adf855aef3febfd02c107570f7bbb95

SHA-256:

ef74df07bea576a5a4ed026f62b9e69125b4e27f965be2053ca708e92697a02c

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 3:31:58 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

W32.Sality

2.1.4+

Agnitum Outpost

PUA.Toolbar.Babylon

7.1.1

AhnLab V3 Security

Malware/Win32.Generic

2014.07.28

Avira AntiVirus

TR/Crypt.XPACK.Gen

7.11.30.172

Baidu Antivirus

Trojan.Win32.Toolbar

4.0.3.14727

Bkav FE

W32.Clod95a.Trojan

1.3.0.4923

Comodo Security

UnclassifiedMalware

16361

Dr.Web

Adware.Babylon.8

9.0.1.0208

Emsisoft Anti-Malware

Riskware.Win32.Toolbar.Babylon.AMN

8.14.07.27.08

ESET NOD32

Win32/Toolbar.Babylon.E potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/Toolbar_Babylon

7/27/2014

Malwarebytes

PUP.Optional.Babylon.A

v2014.07.27.08

McAfee

Artemis!52C88A3FDD9C

5600.7056

NANO AntiVirus

Riskware.Win32.Babylon.craswq

0.28.0.57029

Reason Heuristics

Threat.Win.Reputation.IMP

14.7.27.20

Rising Antivirus

PE:Trojan.Win32.Generic.16CA7579!382367097

23.00.65.14725

Sophos

Mal/FakeAV-OY

4.98

Trend Micro House Call

TROJ_GEN.F47V0207

7.2.208

VIPRE Antivirus

Babylon

25390

File size:

313 KB (320,496 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\080514_h.exe

File PE Metadata

Compilation timestamp:

5/21/2013 8:43:16 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:Podz1ZzpyvQzc9+V4Tr3cvriAWj/TYGWBEQDLvzoJ5t3ju4OQ5zIvk:gdz+rYeKrpWzRWBEQDLvzoJ5hju4Oxv

Entry address:

0x15A7

Entry point:

55, 8D, AC, 24, 40, F6, FF, FF, 81, EC, 3C, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C5, 89, 85, BC, 09, 00, 00, 53, 56, 33, DB, 57, 8D, 75, 88, 88, 5D, 87, C6, 45, 86, 01, E8, AD, 05, 00, 00, 53, 89, 9D, DC, 01, 00, 00, 89, 9D, E0, 01, 00, 00, 89, 9D, E4, 01, 00, 00, C7, 85, E8, 01, 00, 00, 03, 00, 00, 00, FF, 55, C4, 89, 85, D8, 01, 00, 00, 8B, C6, E8, FD, F9, FF, FF, 3B, C3, 0F, 85, 0A, 01, 00, 00, 8D, 85, EC, 01, 00, 00, 50, 8B, FE, E8, 35, FF, FF, FF, 8B, F8, 3B, FB, 0F, 85, C0, 00, 00, 00, 33, FF, 66, 39... 
[+]

Code size:

11.5 KB (11,776 bytes)

Remove 080514_h.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.