» 6d1f843002eee44d0c5ff4b068e8a83853ab4bc1
Overview
Analysis
File Details

6d1f843002eee44d0c5ff4b068e8a83853ab4bc1

Babylon Setup

Babylon Software

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file 6d1f843002eee44d0c5ff4b068e8a83853ab4bc1 by Babylon Software has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the Mozilla Firefox web browser as part of an addin/plugin. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.

File name:

Publisher:

Babylon Software Ltd. (signed by Babylon Software)

Product:

Babylon Setup

Description:

Babylon Setup SE

Version:

10.1.0.0

MD5:

305a727f2916cac12e9cafa7375b94d1

SHA-1:

3c4113600b0304f085b9c00bbdf1ef5970daa252

SHA-256:

be7b3c886d2a5e0a05fd0edb71f893369f6ef97f4d2e4f880e392ddb2f82b2f0

Scanner detections:

1 / 68

Status:

Adware

Explanation:

The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:

5/15/2024 8:06:03 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Babylon (M)

17.2.27.18

File size:

667.1 KB (683,161 bytes)

Product version:

10.1.0.0

Original file name:

SetupStub.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\6d1f843002eee44d0c5ff4b068e8a83853ab4bc1

Digital Signature

Signed by:

Babylon Software

Authority:

Symantec Corporation

Valid from:

12/17/2016 4:00:00 PM

Valid to:

12/19/2018 3:59:59 PM

Subject:

CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

535E5B3D200DC645604652E1C4259489

File PE Metadata

Compilation timestamp:

12/18/2016 3:23:54 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x4EFA

Entry point:

E8, 8D, 02, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, A1, 04, 80, 41, 00, 83, E0, 1F, 6A, 20, 59, 2B, C8, 8B, 45, 08, D3, C8, 33, 05, 04, 80, 41, 00, 5D, C3, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, 42, 07, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, 10... 
[+]

Entropy:

7.9050 (probably packed)

Code size:

61.5 KB (62,976 bytes)

Remove 6d1f843002eee44d0c5ff4b068e8a83853ab4bc1 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.