» babylontoolbar.dll
Overview
Analysis
File Details
Behaviors (1)

babylontoolbar.dll

Babylon Toolbar

Babylon BHO

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module babylontoolbar.dll has been detected as adware by 5 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Babylon toolbar helper’. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.

File name:

babylontoolbar.dll

Publisher:

Babylon BHO

Product:

Babylon Toolbar

Version:

1.8.4.0

MD5:

2d587089de33b12714afdbf48e37a25c

SHA-1:

c2271fcf31657c532a4ba88cab1ca5804cbba8bf

SHA-256:

9d5af4df1a11e0e35e1e224fa3e91c4e15c1bc14f37d4954edbe67a207b154e1

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/26/2024 5:43:28 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Malware.Win32.BHO

4.0.3.131224

Boost by Reason

Optional.BHO.BabylonBHO.O

188163

ESET NOD32

Win32/Toolbar.Escort (variant)

7.8944

Reason Heuristics

PUP.BHO.BabylonBHO.O

14.2.16.3

SUPERAntiSpyware

PUP.BabylonToolbar

10888

File size:

236.5 KB (242,176 bytes)

Product version:

1.8.4.0

File type:

Dynamic link library (Win32 DLL)

Language:

Hebrew (Israel)

Common path:

C:\Program Files\babylontoolbar\babylontoolbar\1.8.4.9\bh\babylontoolbar.dll

Registration

CLSIDs:

{2EECD738-5844-4a99-B4B6-146BF802613B}, {97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

ProgIDs:

bbylntlbr.bbylntlbrHlpr.1, escort.escortIEPane.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

11/12/2012 11:38:55 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:XFG9O3S2+BhjETXAyX4mzRyl9To0WhJyYY8q:M9O3XWhjETXAyX4vl9To08JRY

Entry address:

0x17661

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, BB, 75, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 00, 9C, 03, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, D2, 77, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2... 
[+]

Code size:

160.5 KB (164,352 bytes)

Internet Explorer BHO

Display name:

Babylon toolbar helper

CLSID:

{2EECD738-5844-4a99-B4B6-146BF802613B}

Remove babylontoolbar.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.