babylon8_setup.exe

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application babylon8_setup.exe by Babylon has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
6325c7fe76bc79b72d416672f0572f09

SHA-1:
09e49ee9dbd5d1691fc237f736a7282257f9b081

SHA-256:
d04ca27f42e49c044777318275233b3746b0f5cc9fa137278b34185d782ab46b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 4:23:45 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon.Installer (M)

Engine version:
15.12.17.0

File size:
11.4 MB (11,944,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\babylon8_setup.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/10/2010 4:00:00 PM

Valid to:
3/9/2011 3:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6BA9E210D535C6932A9CE11E3A78ED09

File PE Metadata
Compilation timestamp:
1/9/2001 6:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
196608:XhNr2eFH4xC5BOH4xC5BJuBMUKh40Lw78PiMwPuPIoKGeR5:Dr2hxClxCJ4RIP1PIoK55

Entry address:
0x3F8F

Entry point:
DD, 81, 51, 17, 0D, A5, 47, 02, EF, 80, 5D, FC, 98, 42, 3B, 79, 3A, 4C, CD, D7, CD, 18, 2F, 35, 74, 21, 3E, EF, EF, DB, 3F, 5F, C5, DD, 25, 57, 84, 3E, EC, AF, D0, 30, 3E, E1, 4E, 3E, D9, D9, 1E, 39, 0C, C7, 86, AD, 32, 9B, 77, 69, 10, 63, FD, 92, FC, 38, F2, 5D, B3, 45, 5A, D5, 51, 0D, 71, 5A, ED, DE, 00, AA, DD, 6C, EE, 64, E2, 6A, 20, 48, 6F, 72, 7B, 44, C6, CD, A9, B4, 42, F1, 4E, 78, AC, D8, D0, F2, 85, 0F, F4, A2, 01, 92, 9B, B5, EB, D6, 96, 13, 99, 7E, 0A, B2, 63, 4F, 73, A0, D1, B3, 44, 62, F1, 68...
Entropy:
7.1963

Code size:
21.5 KB (22,016 bytes)