» BabylonIEPI.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

BabylonIEPI.dll

Babylon IE Addin

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module BabylonIEPI.dll, “Babylon Internet Explorer Addin” by Babylon has been detected as adware by 3 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Babylon IE plugin’. This file is typically installed with the program Babylon by Babylon Ltd. which is a potentially unwanted software program. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.

File name:

BabylonIEPI.dll

Publisher:

Babylon Ltd. (signed and verified)

Product:

Babylon IE Addin

Description:

Babylon Internet Explorer Addin

Version:

10.0.2.22

MD5:

c01d03e60c69bb9c643fab89e17297ec

SHA-1:

6fca176f7ca59a205bba19051bd2be0436a7ae0e

SHA-256:

ab134784431605576a9a7f467abe4fbd07c9466733bcef00f2d9cc7b6f930a70

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

4/26/2024 5:17:28 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.Bbylon

4.0.3.14922

ESET NOD32

Win32/Toolbar.Babylon (variant)

8.10439

Reason Heuristics

PUP.BHO.Babylon.L

14.9.22.11

File size:

298.6 KB (305,744 bytes)

Product version:

10.0.2.22

Original file name:

BabylonIEPI.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\babylon\babylon-pro\utils\babyloniepi.dll

Digital Signature

Signed by:

Babylon Ltd.

Authority:

Thawte, Inc.

Valid from:

2/12/2014 1:00:00 AM

Valid to:

3/8/2016 12:59:59 AM

Subject:

CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

4A3CB79EE8B7A32A0263FE5D13CC5291

Registration

CLSID:

{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

ProgID:

BabylonIEPI.BabylonIEBho.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

9/14/2014 2:34:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:v/XLa+P5uFikiPOXryo8ycrDsnOE1nKvRmNaRYco:v/XLyF7lyo8vHsnOE1KvRIL

Entry address:

0x220B5

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 31, 84, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 68, 20, EC, 01, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, FC, 2F, 04, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF, 35... 
[+]

Entropy:

6.3265

Code size:

205 KB (209,920 bytes)

Internet Explorer BHO

Display name:

Babylon IE plugin

CLSID:

{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

The file BabylonIEPI.dll has been discovered within the following program.

Babylon by Babylon Ltd.

Babylon is a potentially unwanted web browser extension that is ad-supported and will display various popup and banner ads as well as modify the user's web browser search and home page settings.

www.Babylon.com

80% remove it

Remove BabylonIEPI.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.