deltatb.exe

Visual Tools

The file deltatb.exe, published by Visual Tools, has been detected as adware by 10 anti-malware scanners. It is a setup program used to install the application. The file is typically installed by a number of programs, including Social Extras by Buzzbox Media and Christmas Serenity Screensaver 1.0 by SaversPlanet.com. Once installed, it displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is typically executed from the user's temporary directory, and has been seen being downloaded from dl.babylon.com and multiple other hosts.
Publisher: Visual Tools (signed and verified)

MD5: fc21d8e387dbcd2e627b97bfc5b8f5cd

SHA-1: 37ccad86409e08816a4c00f1dbea4604ba36d3a1

SHA-256: 6054b54a561df69b21ac35c5e76a3661412b404ff7404cfca1d49be20900a96a

Scanner detections: 10 / 68

Status: Adware

Analysis date: 4/23/2024 8:56:34 PM UTC

Scan engine          Detection                          Engine version
Agnitum Outpost      Trojan.Agent                       7.1.1
AhnLab V3 Security   Adware/Win32.Toolbar               2013.12.11
Baidu Antivirus      Adware.Win32.Bbylon                4.0.3.14211
Bkav FE              W32.Clod96b.Trojan                 1.3.0.4613
Comodo Security      Application.Win32.Babylon.ac       17418
Dr.Web               Adware.Babylon.10                  9.0.1.0329
ESET NOD32           Win32/Toolbar.Babylon (variant)    7.9156
Malwarebytes                                            v2013.11.25.01
NANO AntiVirus       Trojan.Win32.Babylon.csuksh        0.28.0.57630
Reason Heuristics    PUP.VisualTools.H                  14.8.7.21

File size: 768 KB (786,416 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\deltatb.exe

Digital Signature

Signed by:

Authority: Thawte, Inc.

Valid from: 1/9/2013 4:00:00 PM

Valid to: 1/10/2015 3:59:59 PM

Subject: CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number: 789958B0264F06055619270074AFA61F

File PE Metadata

Compilation timestamp: 6/16/2013 4:48:04 AM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 12288:fsZfDKTVFqbv0/+GV/Uclnc1MZHlIqeIhIPgSqeVoqnSLnEVOspOJQqHeoQ5E/CV:fiGTocGGrSmIeKgSqeVoqnS7ign/RGP

Entry address: 0x1595

Entry point: 55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F...

Entropy: 7.9957

Developed / compiled with: Microsoft Visual C++

Code size: 12 KB (12,288 bytes)

The file deltatb.exe has been discovered within the following programs.

Christmas Serenity Screensaver 1.0  by SaversPlanet.com
Christmas Serenity bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (enabled by default).
www.saversplanet.com
67% remove it
Social Extras  by Buzzbox Media
42% remove it

The file deltatb.exe has been seen being distributed by the following 3 URLs.
