HEUR.Malware.Babel.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank:	5,927
Threat Level:	100 % (High)
Infected Computers:	883

First Seen:	January 7, 2013
Last Seen:	March 21, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	HEUR.Malware.Babel.Generic
Signature status:	Self Signed

Known Samples

MD5: 9d15d1dd1eb4026147e596d2d2add828

SHA1: c42e447a7ab8b8433246944c883d9066b550697d

SHA256: E87D1C4BC47D418266CE86AFD606AE4B00C18E2685DCFD1C0EB16D6FD46A9C44

File Size: 755.32 KB, 755320 bytes

MD5: 5e764a9d36e2c0ecff19bd6bdb0674ae

SHA1: 6ac48fcf1839fbea8fd15ab770a2ae6bc48a60c8

SHA256: B132EC186C9586162D88BADADF5045233663B9A8619D6BAC806EE53BCB1A1A75

File Size: 206.34 KB, 206336 bytes

MD5: b0d4df290a1c1e14846c900f4777af06

SHA1: f274a3fcc6afd3fc11823ba1a3a119f4d55d2f43

SHA256: B6D23050A6B84588E8E66C1E7B8DD24F401EEFF5BF3FB03C4E9186AAB764542B

File Size: 857.72 KB, 857720 bytes

MD5: 0eeb22e7e098f65cccdd421a4563119b

SHA1: 392ec23237fabb36253cbb0481e6ad51d519d4ef

SHA256: 5055A10AF346F73597AC99B0DBC8865190405780D4A41D72BEF2D74858CCD3E4

File Size: 1.71 MB, 1710200 bytes

MD5: 02a067f11fcc1a5d9d876e77f95b5c2e

SHA1: 7ca30375522989679de44a4a2e91f2de1da101b8

SHA256: F416643BB2D4AC84555DECAE8AE3E6F4E34B26102CAC8CA297804CEF2A7200BD

File Size: 1.70 MB, 1700472 bytes

MD5: b0e77489bfea9b7ba333f0e928aca3c5

SHA1: 6c4b0f0b2e4cfc5a50417ca94867494189dfea5e

SHA256: E7BD38921FA708FF7BF269F2DC1C074DF777A99E9825247DD6EC87090C30BAB9

File Size: 857.72 KB, 857720 bytes

MD5: 9ea4c4b34dc8e74ccd95fb9777254ae9

SHA1: 47d224ef9e4dbb0439622aa46a1ede4da6c32e25

SHA256: 11B7B13AAA9F8CC973C96C579A6CE5752F88427CCAC06CE20F290FB1CA49097C

File Size: 857.72 KB, 857720 bytes

MD5: 33194fc6d8f73dd73874e37f1cdf383a

SHA1: 53c03668f75023398e31eb11988ebd2eeeb57561

SHA256: 0272215D11E7EA443E6BEBF33D08BF3CCAEDCF57EE3E2AF4CB9E264A832D651D

File Size: 282.74 KB, 282744 bytes

MD5: a3688637b5a2cab4d050a34925190c3b

SHA1: bd044ea1cb5738411e33be73a4b31017aae79188

SHA256: 05C73A3C165D7E12E2C0B1CB3883B5370271E2C77F90E04EE15E92B110CD3865

File Size: 2.17 MB, 2172778 bytes

MD5: 19accaf9313055de3d04905f9fd9eeef

SHA1: 163b34ee1ec5a445748ca845b8396742ff4df419

SHA256: 230DD4558A1E576582D3C552A21C2B5DEC6793EA99EB9AA36E33BC4ED872DBE9

File Size: 858.74 KB, 858744 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application

File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	7.2.50701.0 2.2.8.0 2.2.6.0 2.2.3.2 2.2.2.0 2.2.1.0 2.2.0.3 2.2.0.0 2.0.4.2
Company Name	Diagnostics Gaea.Server QuadSpinner Royal Apps GmbH
File Description	Diagnostics Gaea.Engine Gaea.Nodes Gaea.Server RoyalServer.ManagementEndpoint.Module.HyperV
File Version	7.2.50701 2.2.8.0 2.2.6.0 2.2.3.2 2.2.2.0 2.2.1.0 2.2.0.3 2.2.0.0 2.0.4.2
Internal Name	Diagnostics.dll Gaea.Engine.dll Gaea.Nodes.dll Gaea.Server.dll RoyalServer.ManagementEndpoint.Module.HyperV.dll
Legal Copyright	Copyright (C) 2016-2024 Copyright (C) 2016-2026 Copyright © 2025, Royal Apps GmbH, Austria
Original Filename	Diagnostics.dll Gaea.Engine.dll Gaea.Nodes.dll Gaea.Server.dll RoyalServer.ManagementEndpoint.Module.HyperV.dll
Product Name	Diagnostics Gaea.Engine Gaea.Nodes Gaea.Server RoyalServer.ManagementEndpoint.Module.HyperV
Product Version	7.03.50701.0-Branch.ts-publish-tc-v7.03.50701.0-t1036.Sha.a4f65b0d6a964462978e7c1e65eca5bb08c12540+a4f65b0d6a964462978e7c1e65eca5bb08c12540 2.2.8.0+676bbbf903a18c74c5cad5f52861f53cc1570926 2.2.6.0+3297f72b2f6e83966dfa2dfba877992e9616678a 2.2.3.2+5b3e0dfb42692837700402f79ab921c6803df370 2.2.2.0+ffca12da22397babd9ebeedc52c59eaf1e5cc435 2.2.1.0+d336b92d765ac39e80d6c8fa88eaf9861f1eeb35 2.2.0.3+7ba0c35a3be755c0f3881c778f9ac73e248678ce 2.2.0.0+50e62025c43112e8b5bd81d6c08596074ef6ee8f 2.0.4.2+6e5a5654e76daca2c0fda1af54bf785f44a252cb

Digital Signatures

Signer	Root	Status
QuadSpinner	SSL.com Code Signing Intermediate CA ECC R2	Self Signed

File Traits

.NET
babel
dll
HighEntropy
NewLateBinding
x64
x86

Block Information

Total Blocks:	331
Potentially Malicious Blocks:	0
Whitelisted Blocks:	211
Unknown Blocks:	120

Visual Map

? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Downloader.Tiny.UA
MSIL.Dropper.SE
MSIL.Krypt.TDB
MSIL.Krypt.YACB
MSIL.Redline.RD

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant Show More ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal win32u.dll!NtUserBuildHwndList win32u.dll!NtUserCallTwoParam win32u.dll!NtUserCreateEmptyCursorObject win32u.dll!NtUserCreateWindowEx 30 additional items are not displayed above.
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider
Anti Debug	IsDebuggerPresent

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

HEUR.Malware.Babel.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Osa Ransomware

Zap PDF

Trojanized RedAlert Application

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen