cb3k.dll

Windows for Workgroups Chat (NT)

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The library cb3k.dll, “Windows for Workgroups Chat (NT)”, has been detected as malware by 20 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Windows for Workgroups Chat (NT)

Version:
5.2.3790.0 (srv03_rtm.030324-2048)

MD5:
8aa9f173f08b7e637b0f2b694da4cae5

SHA-1:
9c76477e241cc78de8f325ac1fb895a7499e2326

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/20/2024 3:42:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1751030 | 707 |
| Avira AntiVirus | TR/Crypt.ZPACK.58306 | 7.11.160.46 |
| AVG | PSW.Generic12 | 2016.0.3185 |
| Baidu Antivirus | Trojan.Win32.Papras | 4.0.3.15227 |
| Bitdefender | Trojan.GenericKD.1751030 | 1.0.20.290 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| ESET NOD32 | Win32/PSW.Papras.CP | 9.10080 |
| Fortinet FortiGate | W32/Inject.CP!tr | 2/27/2015 |
| IKARUS anti.virus | Trojan.Win32.PSW | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12683 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.2420 |
| Malwarebytes | Trojan.FakeMS.ED | v2015.02.27.10 |
| McAfee | Artemis!8AA9F173F08B | 5600.6841 |
| Microsoft Security Essentials | Backdoor:Win32/Vawtrak.F | 1.10701 |
| MicroWorld eScan | Trojan.GenericKD.1751030 | 16.0.0.174 |
| Norman | Obfuscated_KA.IP | 11.20150227 |
| Qihoo 360 Security | Win32/Trojan.969 | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R011H07G814 | 7.2.58 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31174 |

File size:
361.7 KB (370,357 bytes)

Product version:
5.2.3790.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WINCHAT.EXE

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\cb3k.dll

File PE Metadata
Compilation timestamp:
5/18/2006 6:32:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:er4Lletz77o02d+fMaf94iGoB+T6x8cReT7b3DEo9G08ETl:eah+r4RoBocQ/D9G08el

Entry address:
0x6CF7

Entry point:
8B, FF, E9, F6, F5, FF, FF, 55, 8B, EC, 83, EC, 30, C7, 45, D4, 00, 00, 00, 00, C7, 45, F4, 01, 00, 00, 00, C7, 45, D8, 9B, 7C, 6D, A6, C7, 45, D0, E0, 00, 00, 00, C7, 45, DC, 04, 00, 00, 00, C7, 45, FC, 14, 00, 00, 00, 8B, 4D, 08, 89, 4D, EC, C7, 45, F0, 41, 01, 00, 00, 83, 7D, 08, 00, 75, 08, 8B, 4D, D4, E9, FE, 00, 00, 00, 81, 7D, F0, 41, 01, 00, 00, 76, 05, E8, F4, 00, 00, 00, 8B, 4D, EC, 0F, B7, 01, 3D, 4D, 5A, 00, 00, 74, 08, 8B, 45, D4, E9, DB, 00, 00, 00, 81, 7D, F0, 41, 01, 00, 00, 73, 05, E8, D1...
 

Code size:
36 KB (36,864 bytes)
