MyClaroTB.exe

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application MyClaroTB.exe by Babylon has been detected as adware by 6 anti-malware scanners. It is a setup program used to install the application, which displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from installertechcontent.com.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
cdf95731c177c1e34b944ea5e63d492d

SHA-1:
ae857ddd8245f430b29907423d2f50b4604d988f

SHA-256:
aab969ac3c7ba5f86b091d4d6c80867d0a0404469fe286b9374dc66138ca521c

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/24/2024 5:04:11 AM UTC

Scan engine              Detection               Engine version
Boost by Reason          Adware.Babylon.J        2013.8.29.21
Dr.Web                   Adware.Toolbar.146      9.0.1.0241
ESET NOD32               Win32/Toolbar.Babylon   7.9142
Reason Heuristics        PUP.Babylon.J           14.8.7.19
Trend Micro House Call   TROJ_GEN.F47V0719       7.2.241
VIPRE Antivirus          Babylon                 24090

File size:
867.6 KB (888,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\myclarotb.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/26/2012 4:00:00 PM

Valid to:
3/8/2014 3:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/4/2012 10:12:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:aKXDmNCTEqwlk7KdgLWIk5p+ksvULTK+eyFxw:aNCJf+dgKI08U/K+eyDw

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...

Entropy:
7.9958

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file MyClaroTB.exe has been seen being distributed by the following URL.
