home

phBot.exe

phBot

Ryan Clouser

Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
14.1.7.0

MD5:
daa20e23f748d0300f22579c274a4692

SHA-1:
127df04542f89273e73ed1a214182facdf5bfee7

SHA-256:
e353eae75d6869d36bf1325030b84492553bee5805ae9e9d7d8aa791fe6c7847

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 10:01:16 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Crypt.ZPACK.Gen2
8.3.2.2

File size:
13.9 MB (14,604,784 bytes)

Product version:
14.1.7.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\silkroad\bot ph\phbot.exe

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 5:13:03 AM

Valid to:
11/8/2015 3:34:04 PM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
10/29/2015 4:41:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:35jua//tXGZTSBjrCjLKGBV7wEmw0Ypeo0DZ6gnwTgPhQ:3/FFBKBVkEmSpe5Z6gnAb

Entry address:
0x24C6195

Entry point:
EB, 08, 7D, 85, 64, 00, 00, 00, 00, 00, E9, D3, 90, FE, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 90, 2A, 01, 00, 62, 8C, 02, B7, 19, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D9, B7, 88, 00, 80, 38, 93, 00, A9, 38, 93, 00, C4, 38, 93, 00, ED, 38, 93, 00, 16...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
13.9 MB (14,592,512 bytes)

Windows Firewall Allowed Program
Name:
phbot - silkroad online bot


Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.