Uninstbb.exe

Uninstall Module

Babylon Ltd.

This file is part of the Babylon web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application Uninstbb.exe, “Uninstall Application” by Babylon, has been detected as adware by 2 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file is typically installed with the program Babylon by Babylon Ltd, which is a potentially unwanted software program. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed and verified)

Product:
Uninstall Module

Description:
Uninstall Application

Version:
10.0.2.8

MD5:
09ed6a3bcec615a4963f0a5f60db6877

SHA-1:
c2d2063a0007ef5ebb2bde3d2609f32290f559c5

SHA-256:
4b772837ba5d194ab4ad5e224330b1c20c420cfcf085409ac278ca18eac23b60

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/25/2024 1:15:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 8.9323 |
| Reason Heuristics | PUP.Babylon.I | 14.8.7.19 |

File size:
788.6 KB (807,504 bytes)

Product version:
10.0.2.8

Copyright:
Copyright © Babylon Ltd. 1997-2013

Original file name:
Uninstbb.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\uninstbb.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/27/2012 12:00:00 AM

Valid to:
3/8/2014 11:59:59 PM

Subject:
CN=Babylon Ltd., O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48C39FBA62460E24E169054FE518E0AF

File PE Metadata
Compilation timestamp:
12/23/2013 2:28:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:mBoxX30WP6VdS4CUIf9U7zWErYzEqHmhcPCcm+JMWeERdQeheQdvyoIZCr7GC2:m5dSNfh6cVKWnBeQdvnECr7GC2

Entry address:
0x61E05

Entry point:
E8, D0, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 73, 1E, 46, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 5F, 59, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 

Code size:
579 KB (592,896 bytes)

The file Uninstbb.exe has been discovered within the following program.

Babylon  by Babylon Ltd
Babylon is a computer dictionary and translation program, developed by Babylon Ltd. Babylon's translation software prompts to add the Babylon Toolbar, identified as a browser hijacker. The toolbar also comes bundled as an add-on with other software downloads.
www.babylon.com/products/babylon
67% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ba-sh-nl-dc-006.babsft.com  (107.6.141.14:80)

TCP (HTTP):
Connects to singhop0014.babylon.com  (96.127.151.131:80)

TCP (HTTP):
Connects to ba-sh-nl-dc1-.005.com  (198.20.96.179:80)

TCP (HTTP):
Connects to LB2200.babylon.com  (69.175.64.72:80)

TCP (HTTP):
Connects to DedLoadLM2200.babylon.com  (184.154.27.235:80)
