BDesktopAgent.dll

Babylon Desktop Agent

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The module BDesktopAgent.dll by Babylon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Desktop Agent

Version:
8.0.6.5

MD5:
4fe1f0e450ef4de924ca480289e0d0fe

SHA-1:
6e3c56b9d81da19dfd63c321dc5bc740164d50cb

SHA-256:
d6465d7ce30e23b8aac1ca8305e05ffce2bd344206e2ba52db5ae113b6180654

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/23/2024 4:15:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon (M)

Engine version:
16.1.29.13

File size:
220.4 KB (225,720 bytes)

Product version:
8.0.6.5

Copyright:
Copyright © Babylon Ltd. 1997-2010

Original file name:
BDesktopAgent.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\babylon\babylon-pro\agent\bdesktopagent.dll

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/10/2010 6:00:00 PM

Valid to:
3/9/2011 5:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6BA9E210D535C6932A9CE11E3A78ED09

Registration
CLSID:
{C430996F-4AA8-4AA8-81DE-F54432CD5786}

ProgID:
BDesktopAgent.BabConnector.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/22/2010 7:08:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:6EXmvUQGWOjf3cwBgZGvx3k5Bp7F/pieeGTTyE54+43Ri27Zn:6EWvUTHf30Z4xkfpJsSV43Rb7Zn

Entry address:
0x13D47

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A6, 7B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 68, 60, 0C, 01, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 00, 04, 03, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64...

Entropy:
6.4308

Code size:
149 KB (152,576 bytes)
