setup.exe

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application setup.exe by Babylon has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the WinZip SFX installer.
Publisher:
Babylon Ltd.  (signed and verified)

MD5:
baa80e993221df345b2473e849b934a5

SHA-1:
2bce7843f494fc3f7c9d723fa5cad377258e656e

SHA-256:
77e56850bc96b3b7256f486da41437eaa97c9cb56fb13400671479f25f5aa0fd

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/26/2024 6:05:03 PM UTC

Scan engine          Detection                      Engine version
Dr.Web               Adware.Conduit.37              9.0.1.0330
ESET NOD32           Win32/Toolbar.Conduit          9.10727
Fortinet FortiGate   Riskware/Conduit               11/26/2015
F-Prot               W32/A-68608136                 v6.4.7.1.166
G Data               Win32.Adware.Conduit           15.11.24
NANO AntiVirus       Trojan.Win32.Generic.dbxmjh    0.28.6.63362
Reason Heuristics    PUP.Babylon.Installer (M)      15.11.26.15

File size:
7.6 MB (7,955,688 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/9/2009 3:00:00 AM

Valid to:
3/10/2010 2:59:59 AM

Subject:
CN=Babylon Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
76B79B3B3038808496E06B3A6FF3981A

File PE Metadata
Compilation timestamp:
1/9/2001 5:09:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
98304:Sa76v8obaznW9TKk3YNayPx49Qk2aI3TN0IW55tCg1EszOQlsvPgSr1eR5tbxghi:SnvxTKkoACJHW9E6/Or8bfwEdVZB

Entry address:
0x3F8F

Entry point:
53, FF, 15, 4C, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 50, 70, 40, 00, 50, E8, 9E, F3, FF, FF, 50, FF, 15, 54, 70, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 94, 40, 00, 83, 0D, 00, 93, 40, 00, FF, 56, 33, F6, 39, 35, 40, 8E, 40, 00, 89, 35, 34, 94, 40, 00, 89, 35, 84, 94, 40, 00, A3, 24, 97, 40, 00, 75, 05, E8, 9D, D2, FF, FF...
 

Entropy:
7.9979

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
21.5 KB (22,016 bytes)
