babylon.exe

Babylon Client

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS settings, and home page. The application babylon.exe, “Babylon Information Tool” by Babylon, has been detected as adware by 7 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to change the browser's search provider. While running, it connects to the Internet address DedLoadLM2200.babylon.com on port 80 using the HTTP protocol.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client

Description:
Babylon Information Tool

Version:
7.0.0.16

MD5:
082b31b0e15279eeaffad919181e77ea

SHA-1:
5f5470f40e50014fad71999cf8a81ada4021478c

SHA-256:
74cbbb48865ef121e1be1b1c410236e84752f259eebf740453393883de5f5713

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/19/2024 2:38:09 PM UTC

Scan engine                    Detection                    Engine version
Baidu Antivirus                Adware.Win32.Bbylon          4.0.3.151121
Bkav FE                        W32.HfsAdware                1.3.0.6979
IKARUS anti.virus              not-a-virus.Crack.Babylon    t3scan.1.8.6.0
Microsoft Security Essentials  Adware:Win32/Babylon         1.163.1557.0
Prevx                          Generic.Malware              3.0.11
Reason Heuristics              PUP.Babylon (M)              15.11.21.9
Trend Micro House Call         Suspicious_GEN.F47V1228      7.2.325

File size:
2.9 MB (3,032,800 bytes)

Product version:
7.0.0.16

Copyright:
Copyright © Babylon Ltd. 1997-2007

Original file name:
babylon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\babylon\babylon.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/8/2007 3:30:00 AM

Valid to:
3/4/2008 3:29:59 AM

Subject:
CN=Babylon Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5B4F1D6192C4E67D48917FA06B93483F

File PE Metadata
Compilation timestamp:
11/1/2007 4:34:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:oF2q133JxkTnrQ+3VYDdvwtTp1otgdMhWiMN7FNO4WQWBkddhCC2FElVrf4EZpF:cpIFgdGd1i4FN1WQekv90EnF

Entry address:
0x1706BF

Entry point:
E8, 22, D1, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 10, 56, 8B, 75, 08, 57, 33, FF, 3B, F7, 89, 7D, FC, 75, 1E, E8, 08, 07, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, 45, B1, FF, FF, 83, C4, 14, 8B, C6, E9, 06, 02, 00, 00, 6A, 24, 68, FF, 00, 00, 00, 56, E8, 18, 0F, 00, 00, 8B, 45, 0C, 83, C4, 0C, 3B, C7, 74, CB, 8B, 08, 8B, 40, 04, 3B, C7, 89, 4D, F0, 89, 45, F4, 7F, 12, 7C, 04, 3B, CF, 73, 0C, E8, BE, 06, 00, 00, 6A, 16, 5E, 89, 30, EB, C1, 83, F8, 07, 7C, 0A, 7F, A3, 81, F9, FF, 6F, 40...

Entropy:
6.2969

Code size:
1.8 MB (1,851,392 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to DedLoadLM2200.babylon.com  (184.154.27.235:80)
