babylon10_setup_ns.exe

Visual Tools Client Setup 1.0

Babylon Software

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon10_setup_ns.exe, “Visual Tools Client Setup” by Babylon Software, has been detected as adware by 8 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.

Publisher:
Visual Tools Ltd.  (signed by Babylon Software)

Product:
Visual Tools Client Setup 1.0

Description:
Visual Tools Client Setup

Version:
1.0.5.0

MD5:
099ae342b126f706327415603112a408

SHA-1:
aefea1ed691d37567ff048d6152e460f110271e6

SHA-256:
5aa1402ae00a2dea1eadb5b8283eac94e22d3f660404fe5ab4e415d1ba54cf1e

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/25/2024 7:05:13 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Toolbar.Babylon | 7.1.1
Dr.Web | Adware.Searcher.2766 | 9.0.1.0129
ESET NOD32 | Win32/Toolbar.Babylon.AD (variant) | 9.11042
IKARUS anti.virus | PUA.Toolbar.Babylon | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.202.15549
NANO AntiVirus | Riskware.Win32.Searcher.dotdbm | 0.30.10.952
Reason Heuristics | PUP.Installer.Babylon | 15.2.14.11
Trend Micro House Call | Suspicious_GEN.F47V0119 | 7.2.20

File size:
708.3 KB (725,344 bytes)

Copyright:
2011(c) Visual Tools Ltd. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\babylon10_setup_ns.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/8/2014 5:00:00 AM

Valid to:
12/8/2016 4:59:59 AM

Subject:
CN=Babylon Software, O=Babylon Software, L=Or Yehuda, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B8E754BED548B30647F4329D78D3F91

File PE Metadata
Compilation timestamp:
10/22/2014 1:00:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:SPTM7Cmso5YjHK9rZ27aZDemAynwDlnAfrv/jpS4fSJ+N9wSMK/hr8pp:yI71soyj+rZ2mDrv/jpS4fMt/68pp

Entry address:
0x2703

Entry point:
E8, 10, 1D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 3A, 41, 00, E8, C7, 1E, 00, 00, E8, EC, 01, 00, 00, 0F, B7, F0, 6A, 02, E8, A3, 1C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 84, 16, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8226  (probably packed)

Code size:
51.5 KB (52,736 bytes)

The file babylon10_setup_ns.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 156 download URLs
