babylon.exe

Babylon Client

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon.exe, “Babylon Information Tool” by Babylon, has been detected as adware by 5 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client

Description:
Babylon Information Tool

Version:
8.1.0.16

MD5:
0bb0afba51d5b68d1c5a16e5f66eb4fb

SHA-1:
24ccbc2d77f5162344ee39ff7d0870f1bf9dd850

SHA-256:
b1755b10a6f5f01c7cd8f5c42cdff8b0eae24ce1ef7e988c72d1cea32eebb235

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/25/2024 5:53:06 AM UTC

Scan engine                     Detection              Engine version
Baidu Antivirus                 Adware.Win32.Bbylon    4.0.3.16122
Bkav FE                         W32.HfsAdware          1.3.0.7237
Boost by Reason                 Optional.Babylon       188838
Microsoft Security Essentials   Adware:Win32/Babylon   1.163.1557.0
Reason Heuristics               PUP.Babylon (M)        16.1.22.5

File size:
3.6 MB (3,825,080 bytes)

Product version:
8.1.0.16

Copyright:
Copyright © Babylon Ltd. 1997-2010

Original file name:
babylon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\babylon\babylon-pro\babylon.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/11/2010 3:30:00 AM

Valid to:
3/10/2011 3:29:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6BA9E210D535C6932A9CE11E3A78ED09

File PE Metadata
Compilation timestamp:
10/17/2010 4:41:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:2A2eU9Oc4EAO1XAcIA2KmUQNjU6VUbkMB11+USiDrXgMF:2fjtAO1XAcIA2KmUQNjzVUN11+U9QS

Entry address:
0xDF0E9

Entry point:
E8, 15, FF, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 48, 53, 33, DB, 57, 8B, F8, 89, 5D, F8, 89, 5D, FC, 3B, FB, 75, 22, E8, 75, 07, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CF, E4, FF, FF, 83, C4, 14, 83, CA, FF, 8B, C2, E9, 77, 02, 00, 00, 8B, 47, 14, 99, 8B, C8, 8B, C2, 89, 4D, EC, 83, C1, BB, 89, 45, F0, 83, D0, FF, 56, 3B, C3, 0F, 87, 49, 02, 00, 00, 72, 0C, 81, F9, 08, 04, 00, 00, 0F, 87, 3B, 02, 00, 00, 8B, 47, 10, 3B, C3, 7C, 05, 83, F8, 0B, 7E, 46, 99, 6A, 0C, 59, F7...

Entropy:
6.5215

Code size:
2.4 MB (2,510,848 bytes)
