cbhost

Bullified Corporation

The file cbhost has been detected as malware by 30 anti-virus scanners. It runs as a scheduled task named cbhost under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
Webcam Titre (signed by Bullified Corporation)

Product:
Webcam Titre

Version:
2.1.0.2

MD5:
9a86d337af875ea79714acdc4dfe918c

SHA-1:
0cc17b16714dd9940dc98db6e7c080ba7887d72f

SHA-256:
e6d31c7c4e84680c9b0ccbb32ee1752108bd91ab2d0502c70e21337270c680f9

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
11/27/2024 8:47:43 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.16306383 | 108
AegisLab AV Signature | Backdoor.Msil.Nanobot!c | 2.1.4+
Avira AntiVirus | TR/Dropper.MSIL.dyjm | 8.3.3.4
Arcabit | Trojan.Generic.DF8D0CF | 1.0.0.688
avast! | Win32:Malware-gen | 2014.9-161019
AVG | Atros3 | 2017.0.2586
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.161019
Bitdefender | Trojan.Generic.16306383 | 1.0.20.1465
Emsisoft Anti-Malware | Trojan.Generic.16306383 | 8.16.10.19.12
ESET NOD32 | MSIL/Kryptik.FRN (variant) | 10.13535
Fortinet FortiGate | MSIL/Injector.OSK!tr | 10/19/2016
F-Secure | Trojan.Generic.16306383 | 11.2016-19-10_4
G Data | Trojan.Generic.16306383 | 16.10.25
IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.2.0.9.0
K7 AntiVirus | Trojan | 13.226.19686
Kaspersky | Backdoor.MSIL.NanoBot | 14.0.0.-575
McAfee | Trojan-FIHN!9A86D337AF87 | 5600.6242
Microsoft Security Essentials | VirTool:MSIL/Injector.IX | 1.1.12804.0
MicroWorld eScan | Trojan.Generic.16306383 | 17.0.0.879
NANO AntiVirus | Trojan.Win32.Kryptik.eccska | 1.0.30.8482
nProtect | Trojan.Generic.16306383 | 16.05.23.01
Panda Antivirus | Trj/GdSda.A | 16.10.19.12
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120
Quick Heal | Backdoor.Nanobot.r3 | 10.16.14.00
Rising Antivirus | Backdoor.NanoBot!8.28C-sHKu5OFOVjE (Cloud) | 23.00.65.161017
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R00XC0ED916 | 10.465.19
VIPRE Antivirus | Trojan.Win32.Generic | 49600
ViRobot | Trojan.Win32.Z.Nanobot.254512[h] | 2014.3.20.0
Zillya! Antivirus | Backdoor.BrabotCRTD.Win32.58 | 2.0.0.2883

File size:
248.5 KB (254,512 bytes)

Product version:
2.1.0.2

Copyright:
Copyright @ 2016

Original file name:
EvHhBs2rPJmfPHXpGZd2RetVESKZdx4xrv8OSUO83SxKLsicAzggkzcVB.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\cbhost

Digital Signature
Authority:
Bullified Corporation

Valid from:
3/30/2016 3:43:18 AM

Valid to:
3/31/2026 3:43:18 AM

Subject:
E=adl@bullified.com, CN=Bullified Ltd., OU=MIIO Dept., O=Bullified Corporation, L=Sydney, S=New South Wales, C=AU

Issuer:
E=adl@bullified.com, CN=Bullified Ltd., OU=MIIO Dept., O=Bullified Corporation, L=Sydney, S=New South Wales, C=AU

Serial number:
00D49F2215296B86E7

File PE Metadata
Compilation timestamp:
4/4/2016 5:36:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:1n+LIJF2OkSIfGVQJQo1OINGm9DAfHrB+N8HWGOez36I9kBH:ZTufGVQWo1OINGAsHIEWICBH

Entry address:
0x3E06E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
240.5 KB (246,272 bytes)

Scheduled Task
Task name:
cbhost

Path:
\Update\cbhost

Trigger:
Logon (Runs on logon)

