» uninstbb.exe
Overview
Analysis
File Details

uninstbb.exe

Babylon Ltd.

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application uninstbb.exe by Babylon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.

File name:

uninstbb.exe

Publisher:

Babylon Ltd. (signed and verified)

MD5:

4f01d5d9563021b421e766969b1cbbdf

SHA-1:

e56a6c2f575cf8ea37cf4eb3e0341d0b51c299ce

SHA-256:

e999ddc6647b59d336460dea10b04847d01dc7da7dd23571a3e97d98c973295f

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 10:23:01 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Babylon (M)

15.7.18.10

File size:

297.2 KB (304,352 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\babylon\babylon-pro\utils\uninstbb.exe

Digital Signature

Signed by:

Babylon Ltd.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

2/8/2007 2:00:00 AM

Valid to:

3/4/2008 1:59:59 AM

Subject:

CN=Babylon Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Babylon Ltd., L=Or-Yehuda, S=Or-Yehuda, C=IL

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

5B4F1D6192C4E67D48917FA06B93483F

File PE Metadata

Compilation timestamp:

2/6/2008 4:46:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:sXxb0+RxMLFGsi54yWCVhtq14zAoDcoe8bPyC9RSlxKcGAR/+akTe13tM5jMMPln:s1/MLsL54Iq1aLRbKg3cG3TstnyYI

Entry address:

0x20C5A

Entry point:

E8, 3C, 85, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 34, B3, 44, 00, 00, 74, 05, E9, EA, 85, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01... 
[+]

Entropy:

6.2166

Code size:

196.5 KB (201,216 bytes)

Remove uninstbb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.