freeridegames.exe

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application freeridegames.exe by Babylon has been detected as adware by 6 anti-malware scanners. It is a setup program used to install the application. The application displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from dl.babylon.com.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
3a206fbd101d28464eba49e16b37eecb

SHA-1:
2ca132fbe468e8c091bd8dde00248d992445085f

SHA-256:
e33565ff5cecddc2d2fac1bd094da0034665752ad5cf9c33d057a14505275c38

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/24/2024 10:44:05 AM UTC

Scan engine         Detection                          Engine version
Agnitum Outpost     PUA.Toolbar.Babylon                7.1.1
Bkav FE             W32.Clod152.Trojan                 1.3.0.4959
Dr.Web              Adware.Babylon.15                  9.0.1.0228
ESET NOD32          Win32/Toolbar.Babylon (variant)    8.9500
Reason Heuristics   PUP.Babylon.N                      14.8.16.9
VIPRE Antivirus     Babylon                            27080

File size:
757.1 KB (775,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\freeridegames.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/27/2012 1:00:00 AM

Valid to:
3/9/2014 12:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/5/2012 7:12:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:IqiWkXlXrPREF8t/ksYHjVMBKWD115SFljA1+zZg6x4unffzqP7X/6JE2kEY3fkd:TITo8t/kPDV8xPNWIun2P7XgE2kJ3sPV

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file freeridegames.exe has been seen being distributed by the following URL.
