babylontoolbar.dll

Babylon Toolbar

Babylon BHO

This is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The module babylontoolbar.dll has been detected as adware by 2 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Babylon toolbar helper’. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Babylon BHO

Product:
Babylon Toolbar

Version:
1.4.15.0

MD5:
6465c93c30bdd975b5f5e56201144fdc

SHA-1:
c16209c7db533ec8f05a280482fdad8bd7e3f66c

SHA-256:
8cc43c11736643c8e3f96bdf06fa8b6b6229cc99ebe2cbca50ddb11b7fe798ff

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/25/2024 2:58:58 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.BHO | 4.0.3.1426
Reason Heuristics | Adware.Toolbar.BabylonBHO.O | 14.2.6.15

File size:
216 KB (221,184 bytes)

Product version:
1.4.15.0

Copyright:
(c) Babylon Ltd. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
Hebrew (Israel)

Common path:
C:\Program Files\babylontoolbar\babylontoolbar\1.4.15.3\bh\babylontoolbar.dll

Registration
CLSIDs:
{2EECD738-5844-4a99-B4B6-146BF802613B}, {E46C8196-B634-44a1-AF6E-957C64278AB1}

ProgIDs:
bbylntlbr.bbylntlbrHlpr.1, escort.escrtBtn.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
8/9/2010 4:03:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:0HWnOGl7WGhFEho/BCD/9ZDeiW+2ZDOv5/N8c9:0HM7kZKBpOpNF

Entry address:
0x1B004

Entry point:
6A, 0C, 68, 98, 7C, 02, 10, E8, 00, 03, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, AC, EC, 02, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 98, 0F, 03, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, 5B, 72, FE, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Entropy:
6.0232

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
148 KB (151,552 bytes)

Internet Explorer BHO
Display name:
Babylon toolbar helper

CLSID:
{2EECD738-5844-4a99-B4B6-146BF802613B}

CLSID name:
CescrtHlpr Object

