home

toolbar18463732.exe

Babylon Client Setup 1.0

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application toolbar18463732.exe, “Babylon Client Setup” by Babylon has been detected as adware by 5 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Babylon Client Setup 1.0

Description:
Babylon Client Setup

Version:
1.0.8.0

MD5:
2be9c573d5697863887c69e77730e33d

SHA-1:
093b68b745ebb38ce3f97604f21449a117d15a1f

SHA-256:
1a341246fd1faba89f628c6eec4820147afdc9df78297b5b44cf793045683a22

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/30/2024 6:27:10 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Toolbar.Babylon (variant)
7.8965

Malwarebytes
PUP.Optional.Babylon.A
v2013.12.23.01

Reason Heuristics
PUP.Installer.Babylon.P
14.8.7.19

VIPRE Antivirus
Babylon
22712

XVirus List
Win32.Detected
2.8.7

File size:
866.6 KB (887,448 bytes)

Copyright:
2011(c) Babylon Ltd. All rights reserved.

Original file name:
Setup_Stub.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\toolbar18463732.exe

Digital Signature
Signed by:
Babylon Ltd.

Authority:
Thawte, Inc.

Valid from:
2/27/2012 1:00:00 AM

Valid to:
3/9/2014 12:59:59 AM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
2/5/2012 7:12:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:8EvX30OX82OzbUiR6LQ7Rnump4RzsjRoaFnTc35:86X30OFOzoGAm7jHgp

Entry address:
0x1762

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 34, 02, 00, 00, 56, 57, 33, FF, 57, FF, 15, 40, 40, 40, 00, 6A, 0A, 8B, F0, 68, E8, 41, 40, 00, 56, FF, 15, 5C, 40, 40, 00, 3B, C7, 74, 16, 50, 8D, 44, 24, 20, 50, 8D, 44, 24, 20, 50, 56, E8, 61, 03, 00, 00, 83, C4, 10, EB, 05, B8, 16, 07, 00, 00, 3B, C7, 0F, 85, BB, 00, 00, 00, 8B, C6, 8D, 4C, 24, 20, 89, 7C, 24, 08, 89, 7C, 24, 0C, 89, 7C, 24, 10, C7, 44, 24, 14, 03, 00, 00, 00, E8, 23, F8, FF, FF, 3B, C7, 0F, 85, 94...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file toolbar18463732.exe has been seen being distributed by the following 6 URLs.

http://media.instcdn.com/xmlcdn/.../toolbarv2.exe

http://media.instcdn.com/xmlcdn/.../toolbarv2.exe

http://d3c91y686yuead.cloudfront.net/xmlcdn/.../toolbarv2.exe

http://media.instcdn.com/.../toolbarv2.exe

http://software.onekit.com/software/ofertas/.../toolbar.exe

http://media.instcdn.com/xmlcdn/.../toolbarv3.exe

Remove toolbar18463732.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.