home

1.exe

Babylon Client Setup 1.0

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application 1.exe, “Babylon Client Setup” by Babylon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client Setup 1.0

Description:
Babylon Client Setup

Version:
1.0.9.0

MD5:
4a134fa35039f3ab2c22bf39447866d5

SHA-1:
be0995c0c4f84f705a480ab3f34446785a018549

SHA-256:
e184e4089d3e9eac49a7a16fb7304191fb8e26abff312c185a6da24c4ed24dd5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 9:17:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon.Installer (M)
16.2.1.1

File size:
833.1 KB (853,104 bytes)

Copyright:
2011(c) Babylon Ltd. All rights reserved.

Original file name:
Setup_Stub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1.exe

Digital Signature
Signed by:
Babylon Ltd.

Authority:
Thawte, Inc.

Valid from:
2/10/2011 12:00:00 PM

Valid to:
3/9/2012 11:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
23EB6FA7C450FB11E23708D04D92DD17

File PE Metadata
Compilation timestamp:
8/18/2011 7:34:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:JFlzuyUbD4MGiJ29hJbP9bEtTsE4gybSm6:flKy6FGQ2PJl8/4v6

Entry address:
0x1454

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 04, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 00, 0A, 00, 00, 53, 56, 57, 6A, 00, FF, 15, 34, 40, 40, 00, 8D, 5C, 24, 28, 8B, F8, C6, 44, 24, 0F, 00, E8, 8E, FD, FF, FF, 84, C0, 75, 08, 6A, FF, FF, 15, 38, 40, 40, 00, 6A, 0A, 68, 90, 41, 40, 00, 57, FF, 15, 54, 40, 40, 00, 33, DB, 3B, C3, 74, 16, 50, 8D, 44, 24, 28, 50, 8D, 44, 24, 18, 50, 57, E8, EA, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C3, 75, 33, 8D, 44, 24, 14, 50, 8B, 44, 24, 14, 8D, 4C, 24...
 
[+]

Entropy:
7.9893

Developed / compiled with:
Microsoft Visual C++

Code size:
9.5 KB (9,728 bytes)

Remove 1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.