babylon.exe

Babylon Client

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon.exe, “Babylon Information Tool” by Babylon, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. While running, it connects to the Internet address singhop0013.babsft.com on port 80 using the HTTP protocol.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client

Description:
Babylon Information Tool

Version:
9.0.0.30

MD5:
0b52da4b518ab7c0ecac3b0c14a866ef

SHA-1:
e03539a006c303692fac2c9877635ed070b0ed0c

SHA-256:
1a8ec75af7b938e5daf6c1afd72b1859aec77d8c27e04ad94c0416091cb4a011

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 7:41:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon (M)

Engine version:
17.2.18.14

File size:
3.2 MB (3,343,800 bytes)

Product version:
9.0.0.30

Copyright:
Copyright © Babylon Ltd. 1997-2011

Original file name:
babylon.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\babylon\babylon-pro\babylon.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/11/2010 2:00:00 AM

Valid to:
3/10/2011 1:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6BA9E210D535C6932A9CE11E3A78ED09

File PE Metadata
Compilation timestamp:
1/25/2011 7:57:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xCAE91

Entry point:
E8, 34, 09, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 48, 53, 33, DB, 57, 8B, F8, 89, 5D, F8, 89, 5D, FC, 3B, FB, 75, 22, E8, 3B, 08, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, C1, E5, FF, FF, 83, C4, 14, 83, CA, FF, 8B, C2, E9, 77, 02, 00, 00, 8B, 47, 14, 99, 8B, C8, 8B, C2, 89, 4D, EC, 83, C1, BB, 89, 45, F0, 83, D0, FF, 56, 3B, C3, 0F, 87, 49, 02, 00, 00, 72, 0C, 81, F9, 08, 04, 00, 00, 0F, 87, 3B, 02, 00, 00, 8B, 47, 10, 3B, C3, 7C, 05, 83, F8, 0B, 7E, 46, 99, 6A, 0C, 59, F7...

Entropy:
6.4008

Code size:
2.2 MB (2,319,872 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to singhop0013.babsft.com  (108.163.228.180:80)

TCP (HTTP):
Connects to sh3srv1.babylon.com  (198.143.128.243:80)
