home

cb.exe

CarbonBlack Sensor

Bit9, Inc

It runs as a separate (within the context of its own process) windows Service named “Carbon Black Sensor”.
Publisher:
Carbon Black, Inc  (signed by Bit9, Inc)

Product:
CarbonBlack Sensor

Version:
5.0.0.50122

MD5:
bcc87fcf1b5da7a727cfae04c8db6a54

SHA-1:
418c828c498e95c7008e8334ef19b98a8c834049

SHA-256:
5b2262bd6a3fa9119ffb1fb2a4ee079954e9d79cf5a6776dda2c9ff2a2d8ff57

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:33:29 AM UTC  (today)

File size:
4 MB (4,151,792 bytes)

Product version:
5.0.0.50122

Copyright:
Copyright (C) 2011-2013 Carbon Black, Inc

Original file name:
cb.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\carbonblack\cb.exe

Digital Signature
Signed by:
Bit9, Inc

Authority:
VeriSign, Inc.

Subject:
CN="Bit9, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Bit9, Inc", L=Waltham, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C011072F2513DA04F46474630432FB5

File PE Metadata
OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
49152:KsxP6fcVOqnxBn/SpLwUEddNoLN2kNZvpXGy86GAtHaPLUYpTFY2DfypaCckBgfY:RM9aapMCLNxvpXGl6GApeFYtt+fNluh

Entry address:
0x218F5A

Entry point:
E8, 50, D7, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 68, D8, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 37, 10, 00, 00, 85, C0, 74, 0A, E8, 2E, 10, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 55, 8B, EC, 51, 33, C0, 89, 45, FC, 39, 45, 08, 74, 1A, 8D, 45, FC, 50, FF, 75, 08, E8, 36, 35, 00, 00, 59, 59, 85, C0, 75, 05, 83, C8, FF, C9, C3, 8B, 45, FC, 56, FF, 75, 0C, 50, E8, E8, D8, 00, 00, FF, 75, FC, 8B, F0, E8...
 
[+]

Code size:
2.3 MB (2,448,384 bytes)

Service
Display name:
Carbon Black Sensor

Service name:
CarbonBlack

Type:
Win32OwnProcess


Scan cb.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.