babylon.exe

Babylon Client

Babylon Ltd.

babylon.exe is part of the Babylon web browser toolbar and extension, which changes the browser's default search provider, home page and DNS settings. The file identifies itself as the "Babylon Information Tool" by Babylon Ltd. and is flagged as adware by 8 of the 68 anti-malware scanners listed below. While running it displays context-specific advertisements in the browser and attempts to change the browser's search provider, and it connects over HTTP (TCP port 80) to singhop0013.babsft.com and the other Babylon hosts listed under network communications. The binary carries an Authenticode signature from Babylon Ltd. issued by Thawte and valid from 2/8/2007 to 3/4/2008; a valid publisher signature establishes who built the file, not that it is safe to run, and adware shipped by a real vendor is routinely signed.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client

Description:
Babylon Information Tool

Version:
7.0.1.4

MD5:
18a8200648551b95700f41bb82debcf7

SHA-1:
35e1931ca44f13ec56aeee032e94f1976bc78d9e

SHA-256:
aa378c7ca3e26f86bbd94937cca59d5e38713f844ea88835274b8098ad6c35cd

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/26/2024 11:29:49 AM UTC

Scan engine                    Detection                      Engine version
Baidu Antivirus                Adware.Win32.Bbylon            4.0.3.16131
Bkav FE                        W32.HfsAdware                  1.3.0.6979
Boost by Reason                Optional.Babylon               188838
IKARUS anti.virus              not-a-virus.Crack.Babylon      t3scan.1.8.6.0
Microsoft Security Essentials  Adware:Win32/Babylon           1.163.1557.0
Prevx                          Generic.Malware                3.0.1
Reason Heuristics              PUP.Babylon (M)                16.1.31.18
Trend Micro House Call         Suspicious_GEN.F47V1228        7.2.31

File size:
3 MB (3,116,768 bytes)

Product version:
7.0.1.4

Copyright:
Copyright © Babylon Ltd. 1997-2007

Original file name:
babylon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Babylon Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/8/2007 2:00:00 AM

Valid to:
3/4/2008 1:59:59 AM

Subject:
CN=Babylon Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5B4F1D6192C4E67D48917FA06B93483F

File PE Metadata
Compilation timestamp:
12/18/2007 2:40:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:JGsMNhm6F+DoUwloJuSJKV+Haa555U9VofKhbNKAh1NBwIiEy+QSn4SbMFCLeZRj:dce5io2Ngxfi76NCA7SC3axc7Z

Entry address:
0x17D4DF

Entry point:
E8, 02, D1, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 10, 56, 8B, 75, 08, 57, 33, FF, 3B, F7, 89, 7D, FC, 75, 1E, E8, 83, 0A, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, BB, B0, FF, FF, 83, C4, 14, 8B, C6, E9, 06, 02, 00, 00, 6A, 24, 68, FF, 00, 00, 00, 56, E8, 18, 0F, 00, 00, 8B, 45, 0C, 83, C4, 0C, 3B, C7, 74, CB, 8B, 08, 8B, 40, 04, 3B, C7, 89, 4D, F0, 89, 45, F4, 7F, 12, 7C, 04, 3B, CF, 73, 0C, E8, 39, 0A, 00, 00, 6A, 16, 5E, 89, 30, EB, C1, 83, F8, 07, 7C, 0A, 7F, A3, 81, F9, FF, 6F, 40...

Entropy:
6.3017

Code size:
1.8 MB (1,917,440 bytes)
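
The fields under File PE Metadata are read straight out of the PE headers. As an added example (not code from this page or from Babylon), the following Python extracts the compilation timestamp, OS version, subsystem, linker version, entry address, code size and the Shannon entropy a report like this displays, and checks whether the image has a security (Authenticode) data directory at all. It builds a constructed, header-only PE32 image carrying this report's values so it runs offline; the security-directory offset and size in that sample are made up, and the sample contains no code.

```python
import math
import struct
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # WIN_CERTIFICATE (Authenticode) directory slot
MACHINES = {0x14C: "Win32 (x86)", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform bytes (the report's 'Entropy')."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_metadata(image: bytes) -> dict:
    """Pull the header fields a file-reputation report shows out of a raw PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", image, opt)
    size_of_code = struct.unpack_from("<I", image, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    major_os, minor_os = struct.unpack_from("<HH", image, opt + 40)
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]
    # Data directories start at +96 for PE32 (magic 0x10B) and +112 for PE32+ (0x20B).
    dirs = opt + (96 if magic == 0x10B else 112)
    _sec_off, sec_size = struct.unpack_from("<II", image, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{major_linker}.{minor_linker}",
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": f"0x{entry_rva:X}",
        "code_size": size_of_code,
        # A non-empty security directory only proves a signature blob is attached; whether it
        # verifies, whom it names and when the certificate was valid needs a full Authenticode check.
        "has_authenticode": sec_size > 0,
        "entropy": round(shannon_entropy(image), 4),
    }


def build_sample_image() -> bytes:
    """Constructed header-only PE32 mirroring the babylon.exe report values (no real code inside)."""
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)                   # PE32, linker 8.0
    struct.pack_into("<I", opt, 4, 1917440)                         # SizeOfCode (1,917,440 bytes)
    struct.pack_into("<I", opt, 16, 0x17D4DF)                       # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                          # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                              # Windows GUI subsystem
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2F7000, 0x1A00)  # made-up cert blob
    # 1197988850 = 2007-12-18 14:40:50 UTC, the report's compilation timestamp
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1197988850, 0, 0, len(opt), 0x102)
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                         # e_lfanew
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_metadata(build_sample_image()).items():
        print(f"{key:16} {value}")
```

The compilation timestamp is a 32-bit value the linker writes and any packer or build tool can overwrite, so treat it as a hint, not evidence; here it falls inside the certificate's validity window (2/8/2007 to 3/4/2008), which is what you would expect of a legitimately signed build.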

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to singhop0014.babsft.com  (96.127.151.132:80)

TCP (HTTP):
Connects to singhop0013.babsft.com  (108.163.228.180:80)

TCP (HTTP):
Connects to sh3srv1.babylon.com  (198.143.128.242:80)
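
The hosts and addresses above are the indicators a defender can actually hunt for. As an added example (not code from this page or from Babylon), the following Python turns them into a small detection that runs over Squid native access.log lines: it matches the exact hostnames, the resolved IPs, and, as a labelled generalisation the page does not state, any host under babsft.com, since the numbered singhop00NN names suggest a pool of Babylon servers. babylon.com is deliberately not treated as a suffix match because it is also the vendor's ordinary web site. The log lines are constructed for the example, and the non-indicator IPs in them come from documentation ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators from the babylon.exe report: exact hosts and the IPs they resolved to at analysis time.
BABYLON_HOSTS = {"singhop0014.babsft.com", "singhop0013.babsft.com", "sh3srv1.babylon.com"}
BABYLON_IPS = {ipaddress.ip_address(a) for a in ("96.127.151.132", "108.163.228.180", "198.143.128.242")}
# Assumption (not on the page): every host under babsft.com is Babylon infrastructure.
BABYLON_DOMAINS = {"babsft.com"}

# Constructed Squid native access.log lines (not real traffic). Field order:
# ts elapsed client code/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1198000001.001    212 10.0.0.5 TCP_MISS/200 1843 GET http://singhop0013.babsft.com/cgi-bin/config - HIER_DIRECT/108.163.228.180 text/html
1198000002.114     98 10.0.0.5 TCP_MISS/200 512 GET http://sh3srv1.babylon.com/update.xml - HIER_DIRECT/198.143.128.242 text/xml
1198000003.250    310 10.0.0.7 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/192.0.2.10 text/html
1198000004.870    150 10.0.0.9 TCP_MISS/200 700 GET http://singhop0021.babsft.com/ - HIER_DIRECT/203.0.113.10 text/html
1198000005.002    140 10.0.0.9 TCP_MISS/200 300 GET http://cdn.example.net/a.js - HIER_DIRECT/96.127.151.132 application/javascript
1198000006.330     40 10.0.0.7 TCP_TUNNEL/200 0 CONNECT login.example.org:443 - HIER_DIRECT/198.51.100.7 -
"""


def host_matches(host: str):
    """Return why a hostname is an indicator, or None. Case-insensitive, ignores a trailing dot."""
    host = host.lower().rstrip(".")
    if host in BABYLON_HOSTS:
        return "exact host"
    for domain in BABYLON_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "domain suffix"
    return None


def ip_matches(ip_text: str) -> bool:
    """True when the peer address is one of the report's IPs; garbage never raises."""
    try:
        return ipaddress.ip_address(ip_text) in BABYLON_IPS
    except ValueError:
        return False


def host_from_url(url: str) -> str:
    """Hostname from a proxied URL, or from the host:port form Squid logs for CONNECT."""
    if "://" in url:
        return urlsplit(url).hostname or ""
    return url.rsplit(":", 1)[0]


def scan_squid_log(lines):
    """Return one hit per line whose destination host or peer IP is a Babylon indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 9:
            continue
        client, url, hierarchy = fields[2], fields[6], fields[8]
        host = host_from_url(url)
        peer_ip = hierarchy.split("/", 1)[1] if "/" in hierarchy else ""
        reason = host_matches(host)
        if reason is None and ip_matches(peer_ip):
            reason = "known IP"          # host changed or was CDN-fronted, address still matches
        if reason:
            hits.append({"client": client, "host": host, "ip": peer_ip, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan_squid_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['client']:12} {hit['host']:28} {hit['ip']:16} {hit['reason']}")
```

Hostname matches are the durable signal; the IPs were what those names resolved to on the analysis date and shared hosting or a move to another provider will make an IP-only match stale or noisy, so an IP hit on an unrelated hostname (the cdn.example.net line) deserves a second look rather than an automatic verdict.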
