PUP.Babylon.B

Analysis Report

General information

Family Name: PUP.Babylon.B
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name: Value
Comments: This installation was built with Inno Setup.
Company Name
  • 7Screensavers.com
  • Babylon Ltd.
  • Kuzyakov Artur
  • Metro7.org
  • spgsoft.com
File Description
  • 3GP Cutter Setup
  • AVI Cutter Setup
  • Babylon Client Setup
  • DriverPack Solution Installer
  • Lake Clock Screensaver Setup
  • Metro7 Setup
File Version
  • 1.5.0.2712
  • 1.0.8.0
  • 1.0
Internal Name
  • Babylon Setup
  • DRPSuInstaller
Legal Copyright
  • 2011(c) Babylon Ltd. All rights reserved.
  • Copyright (c) 2010 spgsoft.com
  • Copyright © 2013 Kuzyakov Artur
Original Filename
  • DRPSuInstaller.exe
  • Setup_Stub.exe
Packager Version: 1.0.8
Private Build: December 30, 2012
Product Name
  • 3GP Cutter
  • AVI Cutter
  • Babylon Client Setup 1.0
  • DriverPack Solution Installer
  • Lake Clock Screensaver
  • Metro7
Product Version
  • 1.5.0.2712
  • 1.0

Digital Signatures

Signer: Babylon Ltd.
Root: Thawte Code Signing CA - G2
Status: Self Signed

File Traits

  • HighEntropy
  • Installer Version
  • No Version Info
  • x86

Block Information

Similar Families

  • Babylon.B

Files Modified


Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Winhttp
  • WinHttpOpen
Keyboard Access
  • GetKeyState
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetSetOption

Shell Command Execution

"C:\Users\Tslrahgq\AppData\Local\Temp\2D4994FF-BAB0-7891-8291-81951A06208C\Setup.exe" -affilID=110640 Files\Common Files
"C:\Users\Heydjpgo\AppData\Local\Temp\is-EU213.tmp\87d7ad780b48ef7ee7a532aeb73f81da281fec9d_0008375322.tmp" /SL5="$20256,7980552,140800,c:\users\user\downloads\87d7ad780b48ef7ee7a532aeb73f81da281fec9d_0008375322"
"C:\Users\Quvhvpkb\AppData\Local\Temp\is-PBIJL.tmp\adcb594c88c85122bec49cc670c7104c3af28f4d_0008372872.tmp" /SL5="$3013C,7978097,140800,c:\users\user\downloads\adcb594c88c85122bec49cc670c7104c3af28f4d_0008372872"
(NULL) C:\Users\Fazcybxo\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe
"C:\Users\Fazcybxo\AppData\Local\Temp\is-OHNE8.tmp\DriverPackSetup.tmp" /SL5="$40378,960526,118784,C:\Users\Fazcybxo\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe"
RunDll32.exe "C:\Users\Fazcybxo\AppData\Local\Temp\is-P29S4.tmp\OCSetupHlp.dll",_OCPRD858OpenCandy2@16 9072
"C:\Users\Qxqwpbbm\AppData\Local\Temp\8F84E620-BAB0-7891-BD72-55A564616AD6\Setup.exe" -trkInfo=[bndl:offline] Files\Common Files
"C:\Users\Jbdixtmp\AppData\Local\Temp\A12F2563-BAB0-7891-827F-931541F2C301\Setup.exe" /srcExt=frm Files\Common Files
(NULL) C:\Users\Kdprfkvt\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe
"C:\Users\Kdprfkvt\AppData\Local\Temp\is-B03E9.tmp\DriverPackSetup.tmp" /SL5="$8036E,960526,118784,C:\Users\Kdprfkvt\AppData\Local\Temp\7ZipSfx.000\DRPSuPacker\DriverPackSetup.exe"
RunDll32.exe "C:\Users\Kdprfkvt\AppData\Local\Temp\is-9R3UB.tmp\OCSetupHlp.dll",_OCPRD858OpenCandy2@16 3988
