res_ger.dll

Babylon

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module res_ger.dll, “Babylon Download Utility”, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It will display context-specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.

Product:
Babylon

Description:
Babylon Download Utility

Version:
3.2.0.2

MD5:
7270138e7bec3b71ce161774c9b4f807

SHA-1:
b010327ad848b32700ed81186e759d4ebf053556

SHA-256:
6a851cee925f6ac970dac03651551fd6f6b6ff24d17b57729ad21cda4e24bff4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/20/2024 2:37:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon

Engine version:
15.3.31.0

File size:
81 KB (82,944 bytes)

Product version:
2.1.0

Copyright:
Copyright © 1997-98 Babylon Ltd., HeadLight Software.

Original file name:
BABYLOAD

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\babylon translator\updates\res_ger.dll

File PE Metadata
Compilation timestamp:
6/28/1999 9:47:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
768:kImVjfWzsIgZ4mWaXwokfL9UfG4xFP3xhsJTBFp+i8kqtqa:kjVDcszrbEcGisNBF8Pkqtqa

Entry address:
0x1180

Entry point:
53, 55, 56, 8B, 74, 24, 14, 85, F6, 57, B8, 01, 00, 00, 00, 75, 13, 8B, 0D, 48, 77, 00, 10, 85, C9, 75, 09, 33, C0, 5F, 5E, 5D, 5B, C2, 0C, 00, 8B, 7C, 24, 1C, 8B, 5C, 24, 14, 83, FE, 01, 74, 05, 83, FE, 02, 75, 28, 8B, 0D, B4, 8B, 00, 10, 85, C9, 74, 05, 57, 56, 53, FF, D1, 85, C0, 74, 0C, 57, 56, 53, E8, 3F, FE, FF, FF, 85, C0, 75, 09, 33, C0, 5F, 5E, 5D, 5B, C2, 0C, 00, 57, 56, 53, E8, 1A, FE, FF, FF, 83, FE, 01, 8B, E8, 75, 0C, 85, ED, 75, 08, 57, 50, 53, E8, 17, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
11 KB (11,264 bytes)
