setup.exe

Setup Module

Babylon Ltd.

setup.exe is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application setup.exe (“Setup Application” by Babylon) has been detected as adware by 18 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is typically executed from the user's temporary directory.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Setup Module

Description:
Setup Application

Version:
9.1.4.4

MD5:
28ac6d0c7f43b950de8e4c0da69a6baa

SHA-1:
0e39afbaa555b70d814aebb9cee3e523d32a7970

SHA-256:
58dde573b068bda1f49d4627a14be08ba47324307f5503ec3159d25cbcb30b5c

Scanner detections:
18 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 1:00:25 PM UTC

Scan engine                    Detection                           Engine version
AhnLab V3 Security             Win32/Kashu.E                       2014.07.24
avast!                         Win32:Kukacka                       2014.9-150426
Baidu Antivirus                Adware.Win32.Bbylon                 4.0.3.14826
Bkav FE                        W32.Clod2b6.Trojan                  1.3.0.4562
Comodo Security                Application.Win32.Babylon.id        17372
Dr.Web                         Trojan.StartPage.56734              9.0.1.0116
ESET NOD32                     Win32/Toolbar.Babylon (variant)     9.9027
K7 AntiVirus                   Virus                               13.181.12819
Malwarebytes                                                       v2015.04.26.04
Microsoft Security Essentials  Threat.Undefined                    1.179.842.0
Norman                         Sality.ZHB                          11.20150426
Qihoo 360 Security             Malware.QVM19.Gen                   1.0.0.1015
Reason Heuristics              PUP.Installer.Babylon.F             14.8.26.7
Rising Antivirus               PE:Win32.KUKU.kj!1522176            23.00.65.15424
SUPERAntiSpyware               Trojan.Agent/Gen-Nullo[Short]       9912
Trend Micro                    PE_SALITY.RL                        10.465.26
Vba32 AntiVirus                suspected of Trojan.Downloader.gen  3.12.24.3
VIPRE Antivirus                Threat.4721115                      31208

File size:
1.2 MB (1,226,288 bytes)

Product version:
9.1.4.4

Copyright:
Copyright © Babylon Ltd. 1997-2014

Original file name:
Setup32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/11/2014 10:00:00 PM

Valid to:
3/7/2016 8:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3CB79EE8B7A32A0263FE5D13CC5291

File PE Metadata
Compilation timestamp:
7/22/2014 4:16:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:rJkL7NDu5/XP5DpzeinBODc734CIyUXKfUlLvEs:rJk/N65X5KcbIpXKfgzEs

Entry address:
0x697DF

Entry point:
E8, B6, C0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 8E, 4B, 00, E8, CB, FB, FF, FF, E8, 11, 2E, 00, 00, 0F, B7, F0, 6A, 02, E8, 49, C0, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FB, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
562 KB (575,488 bytes)
