babylon10_setup_ns.exe

Babylon Setup

Babylon Software

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application babylon10_setup_ns.exe by Babylon Software has been detected as adware by 3 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. Once installed, it displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been observed being downloaded from www.babylon.com and multiple other hosts.
Publisher:
Babylon Software Ltd.  (signed by Babylon Software)

Product:
Babylon Setup

Description:
Babylon Setup SE

Version:
9.2.0.0

MD5:
a162c4c2e72d41d96b13d9f5c1a55a6f

SHA-1:
9e1169eb0d7edd5b1723c6b21aac82f5779180cd

SHA-256:
b22d38cdf7336566a18f1f3ab0375b3744f51645238da00e3fe8a8972d9639f8

Scanner detections:
3 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 8:46:00 AM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Adware.Babylon.36 | 9.0.1.0142
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Babylon.Installer | 15.5.22.16

File size:
732.4 KB (749,936 bytes)

Product version:
9.2.0.0

Copyright:
Copyright © Babylon Software Ltd. 1997-2015

Original file name:
SetupStub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/7/2014 7:00:00 PM

Valid to:
12/7/2016 6:59:59 PM

Subject:
CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B8E754BED548B30647F4329D78D3F91

File PE Metadata
Compilation timestamp:
4/19/2015 8:29:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:KZW6UKNnXYYE4oZG+EcuZy1Vh1r/y1EpRaq/4KeNB1+l7i/WDK10Z6zvv4g8AkLx:KzUKNEjdh1VzFmqAKqBuDKBz5U

Entry address:
0x4EEF

Entry point:
E8, 46, 26, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, 4A, 41, 00, E8, 0B, 28, 00, 00, E8, A1, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, D9, 25, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 98, 1D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8869  (probably packed)

Code size:
59.5 KB (60,928 bytes)

The file babylon10_setup_ns.exe has been seen being distributed by the following 50 URLs.
