PUP.Babylon.B
Analysis Report
General information
| Family Name: | PUP.Babylon.B |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | This installation was built with Inno Setup. |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Packager Version | 1.0.8 |
| Private Build | December 30, 2012 |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature's root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy "Self Signed" digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading "Signer" names.
| Signer | Root | Status |
|---|---|---|
| Babylon Ltd. | Thawte Code Signing CA - G2 | Self Signed |
File Traits
- HighEntropy
- Installer Version
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Babylon.B
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bab015.lng-6.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bab022.wclm.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bab033.tbinst.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bab091.norecovericon.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bab102.ndskicn.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bab128.addonnb.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\babylon.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\bexternal.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\eula.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\options.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page0.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page2.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page2.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page2lrg.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page3.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page3.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\page3lrg.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\pbar.gif | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\preftrak.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\progress.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\setup.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\side.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\htmlscreens\tlbrimg.jpg | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\iecookielow.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\reslib.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\setupstrings.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\sign | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\2d4994ff-bab0-7891-8291-81951a06208c\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\dpinst.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\dpinst.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\driverpacksetup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\driverpacksetup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\a3d.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\a3d.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\ambfilt.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\ambfilt.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\monfilt.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\monfilt.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb.inf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb.inf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb1.inf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb1.inf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb2.inf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb2.inf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb4.inf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb4.inf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb5.inf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahdb5.inf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahduaa.cat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahduaa.cat | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahduaa.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\forced\viahduaa.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\netrtle.cat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\netrtle.cat | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\netrtle.inf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\netrtle.inf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtenic.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtenic.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtenic64.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtenic64.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtenicxp.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtenicxp.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnicprop32.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnicprop32.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnicprop64.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnicprop64.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnuninst32.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnuninst32.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnuninst64.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\drp\pcie_5.810.1218.2012\rtnuninst64.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\setup64.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\setup64.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\drvupdater.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\drvupdater.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\eula-ru-todo.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\eula-ru-todo.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\eula-ru.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\eula-ru.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\eula.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\eula.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\icon.ico | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\icon.ico | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\left.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\left.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\mailrusputnik_rfrdriverpack2_s_mpcln9134.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\mailrusputnik_rfrdriverpack2_s_mpcln9134.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\mybabylontb.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\mybabylontb.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\run.cmd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\run.cmd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\run.vbs | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zipsfx.000\drpsupacker\tools\run.vbs | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\bab307.sp_pop0.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\babylon.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\bexternal.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\_options.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\bluestar.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\cmbx.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\eula.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\globe.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\lngs.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\naverror.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page0.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page1.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page1.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page1lrg.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page2.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page2.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page2lrg.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page3.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page3.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page3lrg.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page4.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page4.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\page4lrg.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\pbar.gif | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\progress.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\setup.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\title.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\toolbar.jpg | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\htmlscreens\vicn.png | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\iecookielow.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\setupstrings.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\8f84e620-bab0-7891-bd72-55a564616ad6\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\bab307.sp_pop0.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\babylon.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\bexternal.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\htmlscreens\loading.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\htmlscreens\naverror.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\htmlscreens\pbar.gif | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\iecookielow.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\setupstrings.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a12f2563-bab0-7891-827f-931541f2c301\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\captura.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9r3ub.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-9r3ub.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-9r3ub.tmp\ocsetuphlp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-b03e9.tmp\driverpacksetup.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ekojd.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ekojd.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ekojd.tmp\baby.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-eu213.tmp\87d7ad780b48ef7ee7a532aeb73f81da281fec9d_0008375322.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ohne8.tmp\driverpacksetup.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-p29s4.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-p29s4.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-p29s4.tmp\ocsetuphlp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-pbijl.tmp\adcb594c88c85122bec49cc670c7104c3af28f4d_0008372872.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ulk9m.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ulk9m.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ulk9m.tmp\baby.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\langdll.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\pantallatoolbar | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\pantallatoolbar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb75f.tmp\uac.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\toolbar_trailsframework.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\babylon\log_file.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\babylon\sudump.dmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.
| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Process Manipulation Evasion | |
| Process Shell Execute | |
| User Data Access | |
| Other Suspicious | |
| Anti Debug | |
| Network Winhttp | |
| Keyboard Access | |
| Network Wininet | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- "C:\Users\Tslrahgq\AppData\Local\Temp\2D4994FF-BAB0-7891-8291-81951A06208C\Setup.exe" -affilID=110640 Files\Common Files
- "C:\Users\Heydjpgo\AppData\Local\Temp\is-EU213.tmp\87d7ad780b48ef7ee7a532aeb73f81da281fec9d_0008375322.tmp" /SL5="$20256,7980552,140800,c:\users\user\downloads\87d7ad780b48ef7ee7a532aeb73f81da281fec9d_0008375322"
- "C:\Users\Quvhvpkb\AppData\Local\Temp\is-PBIJL.tmp\adcb594c88c85122bec49cc670c7104c3af28f4d_0008372872.tmp" /SL5="$3013C,7978097,140800,c:\users\user\downloads\adcb594c88c85122bec49cc670c7104c3af28f4d_0008372872"
- (NULL) C:\Users\Fazcybxo\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe
- "C:\Users\Fazcybxo\AppData\Local\Temp\is-OHNE8.tmp\DriverPackSetup.tmp" /SL5="$40378,960526,118784,C:\Users\Fazcybxo\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe"
- RunDll32.exe "C:\Users\Fazcybxo\AppData\Local\Temp\is-P29S4.tmp\OCSetupHlp.dll",_OCPRD858OpenCandy2@16 9072
- "C:\Users\Qxqwpbbm\AppData\Local\Temp\8F84E620-BAB0-7891-BD72-55A564616AD6\Setup.exe" -trkInfo=[bndl:offline] Files\Common Files
- "C:\Users\Jbdixtmp\AppData\Local\Temp\A12F2563-BAB0-7891-827F-931541F2C301\Setup.exe" /srcExt=frm Files\Common Files
- (NULL) C:\Users\Kdprfkvt\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe
- "C:\Users\Kdprfkvt\AppData\Local\Temp\is-B03E9.tmp\DriverPackSetup.tmp" /SL5="$8036E,960526,118784,C:\Users\Kdprfkvt\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe"
- RunDll32.exe "C:\Users\Kdprfkvt\AppData\Local\Temp\is-9R3UB.tmp\OCSetupHlp.dll",_OCPRD858OpenCandy2@16 3988