babylon10_setup.exe

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application babylon10_setup.exe by Babylon has been detected as adware by 7 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from www.babylon.com and multiple other hosts.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
1d01667da31985b5385ec881837b0cbe

SHA-1:
98d33d9ae1103f1dabb1bcfbe2b00c71cbcc0a06

SHA-256:
9046db1dac1bbbe97aa6e9c8754cb54eb2bbdf8a84148e91dea4121747d30884

Scanner detections:
7 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 2:41:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.Bbylon | 4.0.3.14620 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 8.9958 |
| Fortinet FortiGate | Riskware/Toolbar_Babylon | 6/20/2014 |
| Malwarebytes | PUP.Optional.ToolBarInstaller.A | v2014.06.20.11 |
| McAfee | Artemis!1D01667DA319 | 5600.7094 |
| Reason Heuristics | PUP.Installer.Babylon.P | 14.8.7.19 |
| Trend Micro House Call | TROJ_GEN.F47V0605 | 7.2.171 |

File size:
632.1 KB (647,288 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\babylon10_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/12/2014 1:00:00 AM

Valid to:
3/8/2016 12:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3CB79EE8B7A32A0263FE5D13CC5291

File PE Metadata
Compilation timestamp:
10/31/2013 4:23:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:X4RHlGRX9cdm3bTiU7CPgN/2TqWokYPrDQSfiZFhWrtHbxquFKwM1hw:X4aTcdU5iYkmrDLfiZTWh7xdwR1hw

Entry address:
0x1C35

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, BB, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, E6, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, ED, 00, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...
 

Entropy:
7.8978

Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)

The file babylon10_setup.exe has been seen being distributed by the following 23 URLs.

http://www.babylon.com/.../download.cgi?type=100&d=603e56b4ad34c4ea1e2d4a0b248d98ae&hclink=1

http://www.babylon.com/.../download.cgi?type=100&lang=1

http://www.babylon.com/.../download.cgi?type=100&d=6d5375fc17a018a91c6e6be0ef236933

http://www.babylon.com/.../download.cgi?type=100&d=1c5508b020e27a5793056e0f192a2195
