phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from update.phbot.org.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
11.9.5.0

MD5:
2d62cda2e0fbead3362c576f11f4318a

SHA-1:
149670850b91703ea035a23c4c8e5335122ef976

SHA-256:
6a9567b42e7d74b7cc22f7a84aaee67b89138cc459f5c51a1b61eff3486328fa

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 2:58:33 PM UTC  (today)

File size:
18.8 MB (19,759,088 bytes)

Product version:
11.9.5.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\phbot.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
11/8/2013 10:13:03 AM

Valid to:
11/8/2015 8:34:04 PM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
6/23/2015 1:17:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:aN/9eVoUkorpmMp4vsfxv9vUy59mAUg18MOMNg2ieFRzY7McKg:ahI/kotfOv418M6+h/Miu7MG

Entry address:
0x29A1958

Entry point:
9C, 66, C7, 04, 24, D3, D4, C7, 04, 24, 6E, 92, AB, AA, 9C, 60, E8, 07, C4, 01, 00, 8D, 64, 24, 28, 0F, 84, 4E, 57, 00, 00, 68, B1, A1, F0, ED, 8D, 64, 24, 04, 0F, 83, 86, 24, 00, 00, E8, 7F, 40, B7, FF, F5, F5, 87, 74, 24, 24, 66, 0F, AB, DE, BE, 5E, 7F, 10, A4, 89, FE, 9C, 9C, 66, 0F, BA, E5, 0D, 29, C6, C6, 04, 24, 29, E8, 2D, 8D, B6, FF, C3, CB, 7C, 64, C9, 19, B0, 52, D7, 55, AE, 58, C1, 13, 7C, F6, 5F, D1, 3A, C0, 29, 9F, F8, 76, DF, 39, A2, 20, 89, EB, 54, BE, 27, 95, 46, 74, 6D, 20, 10, 3D, DB, C4...
 
[+]

Code size:
9.3 MB (9,750,016 bytes)

The file phBot.exe has been seen being distributed by the following URL.

Scan phBot.exe - Powered by Reason Core Security