home

bbtb.exe

Babylon Client Setup 1.0

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application bbtb.exe, “Babylon Client Setup” by Babylon has been detected as adware by 5 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. Additionally, the file is typically installed by a number of programs including FREE Word and Excel password recovery Wizard version 2.1.11 by FREE Password Recovery Software and Animated Aquaworld Screensaver 1.0 by FullScreensavers.com. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client Setup 1.0

Description:
Babylon Client Setup

Version:
1.0.8.0

MD5:
3d91ecdbb3404485702fb92b26b17d90

SHA-1:
5dfc514a7a1e037683fed57029f49fa6c6f04dbf

SHA-256:
588b7896a3712043efd9789e8bd2de35d2bcc082344f2d2cb7a90cfadc66b6d9

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/19/2024 11:29:34 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Babylon.E
188838

ESET NOD32
Win32/Toolbar.Babylon (variant)
7.9190

Malwarebytes
PUP.Optional.Babylon.A
v2013.12.23.03

Reason Heuristics
PUP.Installer.Babylon.E
14.8.7.19

VIPRE Antivirus
Babylon
24638

File size:
845.1 KB (865,392 bytes)

Copyright:
2011(c) Babylon Ltd. All rights reserved.

Original file name:
Setup_Stub.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bbtb.exe

Digital Signature
Signed by:
Babylon Ltd.

Authority:
Thawte, Inc.

Valid from:
2/27/2012 12:00:00 AM

Valid to:
3/8/2014 11:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/5/2012 6:12:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:s5dJLagA9LRqvhD2LuD5zPI9xvnQwCb3D:F9cWu5w9OwS3D

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file bbtb.exe has been discovered within the following programs.

Animated Aquaworld Screensaver 1.0  by FullScreensavers.com
Animated Aquaworld Screensaver bundles a branded version of the Conduit Toolbar and/or the Babylon Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar.
www.fullscreensavers.com
67% remove it
FREE Word and Excel password recovery Wizard version 2.1.11  by FREE Password Recovery Software
Publisher's description - “Lost your Word Password? Former employees left without unprotecting their documents? Unable to access your important Word document? Crack it down using Word Recovery! Word Recovery is a guaranteed password recovery tool for Word.”
www.freewordexcelpassword.com
About 3% of users remove it
 
Powered by Should I Remove It?

The file bbtb.exe has been seen being distributed by the following 3 URLs.

http://dl.babylon.com/files/.../MyBabylonTB.exe

http://cdn.bubbledock.es/cl/inst/bundles/BabylonToolbar/.../MyBabylonTB.exe

http://media.instcdn.com/xmlcdn/.../MyBabylonTB.exe

Remove bbtb.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.