mybabylontb.exe

Babylon Client Setup 1.0

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application mybabylontb.exe, “Babylon Client Setup” by Babylon, has been detected as adware by 43 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.babylon.com.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client Setup 1.0

Description:
Babylon Client Setup

Version:
1.0.8.0

MD5:
ddee6f5527ddd4a8b3e143c1f340eace

SHA-1:
5f5a8572c20c36b3bb1a0de78d62fcc4df169aa9

SHA-256:
e560948d69cd64238e5ceb309926ee00d969c7f139b30ff92a43907c8f5432f3

Scanner detections:
43 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/25/2024 10:40:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Parite.B | 911 |
| AegisLab AV Signature | W32.Sality | 2.1.4+ |
| Agnitum Outpost | Win32.Parite.B | 7.1.1 |
| AhnLab V3 Security | Win32/Parite | 2014.07.18 |
| Avira AntiVirus | W32/Parite | 7.11.30.172 |
| avast! | Win32:Parite | 2014.9-140807 |
| AVG | Win32/Parite | 2015.0.3389 |
| Baidu Antivirus | Virus.Win32.Parite.$b | 4.0.3.1487 |
| Bitdefender | Win32.Parite.B | 1.0.20.1095 |
| Bkav FE | W32.Clod8f1.Trojan | 1.3.0.4613 |
| Boost by Reason | Optional.Babylon.L | 188838 |
| Clam AntiVirus | Heuristics.W32.Parite.B | 0.98/19185 |
| Comodo Security | UnclassifiedMalware | 17579 |
| Dr.Web | Adware.Babylon.8 | 9.0.1.077 |
| Emsisoft Anti-Malware | Win32.Parite | 8.14.08.07.07 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 8.8402 |
| Fortinet FortiGate | W32/Parite.B | 8/7/2014 |
| F-Prot | W32/Parite.B | v6.4.6.5.141 |
| F-Secure | Win32.Parite.B | 11.2014-07-08_5 |
| G Data | Win32.Parite | 14.8.24 |
| IKARUS anti.virus | Virus.Parite | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.180.12763 |
| Kaspersky | Virus.Win32.Parite | 14.0.0.3441 |
| Malwarebytes | | v2014.03.18.07 |
| McAfee | W32/Pate.b | 5600.7045 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.317.0 |
| MicroWorld eScan | Win32.Parite.B | 15.0.0.657 |
| NANO AntiVirus | Riskware.Win32.Babylon.craswq | 0.28.0.57029 |
| Norman | Pinfi.A | 11.20140807 |
| nProtect | Virus/W32.Parite.C | 14.07.17.01 |
| Panda Antivirus | W32/Parite.B | 14.08.07.07 |
| Qihoo 360 Security | Virus.Win32.Parite.H | 1.0.0.1015 |
| Quick Heal | W32.Perite.A | 8.14.14.00 |
| Reason Heuristics | PUP.Installer.Babylon.L | 14.8.7.19 |
| Rising Antivirus | PE:Win32.Parite.b!16043 | 23.00.65.14805 |
| Sophos | W32/Parite-B | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435 |
| Total Defense | Win32/Pinfi.A | 37.0.11065 |
| Trend Micro House Call | HV_ZYX_CB2402E8.TOMC | 7.2.77 |
| Trend Micro | PE_PARITE.A | 10.465.07 |
| Vba32 AntiVirus | Virus.Win32.Parite.b | 3.12.26.3 |
| VIPRE Antivirus | Babylon | 18352 |
| ViRobot | Win32.Parite.A | 2011.4.7.4223 |

File size:
776.1 KB (794,704 bytes)

Copyright:
2011(c) Babylon Ltd. All rights reserved.

Original file name:
Setup_Stub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mybabylontb.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/27/2012 1:00:00 AM

Valid to:
3/9/2014 12:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
3/13/2013 12:55:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:KXXpDism5mE6F0Tpdcc3uGUBJWKRCWAiqLpM:yHmYE9TgDBJWKR3x

Entry address:
0x15A7

Entry point:
55, 8D, AC, 24, 40, F6, FF, FF, 81, EC, 3C, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C5, 89, 85, BC, 09, 00, 00, 53, 56, 33, DB, 57, 8D, 75, 88, 88, 5D, 87, C6, 45, 86, 01, E8, AD, 05, 00, 00, 53, 89, 9D, DC, 01, 00, 00, 89, 9D, E0, 01, 00, 00, 89, 9D, E4, 01, 00, 00, C7, 85, E8, 01, 00, 00, 03, 00, 00, 00, FF, 55, C4, 89, 85, D8, 01, 00, 00, 8B, C6, E8, FD, F9, FF, FF, 3B, C3, 0F, 85, 0A, 01, 00, 00, 8D, 85, EC, 01, 00, 00, 50, 8B, FE, E8, 35, FF, FF, FF, 8B, F8, 3B, FB, 0F, 85, C0, 00, 00, 00, 33, FF, 66, 39...

Code size:
11.5 KB (11,776 bytes)

The file mybabylontb.exe has been seen being distributed by the following URL.
