home

phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.phbot.org.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
12.0.76.0

MD5:
48c427fae92d9f33e5fb35a7bbd10f67

SHA-1:
30f59c31f01039bebc3f46c41d4f1f2c489809b8

SHA-256:
c0d0cd07819fa923eae211e231235d2d8603b9deacad0c5213c56e5e4a94c408

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 10:50:35 PM UTC  (today)

File size:
19.4 MB (20,353,520 bytes)

Product version:
12.0.76.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 2:13:03 PM

Valid to:
11/9/2015 12:34:04 AM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
4/20/2015 2:44:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:0IR+RanRiJpj8fzDUVp5+JF1KY6+QDgnugYLc1PrLu9Nku35Q1azm+mcthk0qQDV:UYRmpQfUX6DSEnNokawcqazrnk0q4lP/

Entry address:
0x19C1091

Entry point:
55, 88, 34, 24, 88, 34, 24, E9, D5, 29, ED, 00, 00, 00, 5F, 5F, 73, 65, 74, 75, 73, 65, 72, 6D, 61, 74, 68, 65, 72, 72, 00, 00, 00, 54, 6C, 73, 46, 72, 65, 65, 00, 00, 00, 3F, 5F, 47, 65, 74, 63, 76, 74, 40, 5F, 4C, 6F, 63, 69, 6E, 66, 6F, 40, 73, 74, 64, 40, 40, 51, 42, 45, 3F, 41, 55, 5F, 43, 76, 74, 76, 65, 63, 40, 40, 58, 5A, 00, E9, 06, 62, FF, FF, 00, 00, 43, 61, 6C, 6C, 4E, 65, 78, 74, 48, 6F, 6F, 6B, 45, 78, 00, 00, 00, 3F, 64, 6F, 5F, 67, 65, 74, 40, 3F, 24, 6E, 75, 6D, 5F, 67, 65, 74, 40, 44, 56...
 
[+]

Code size:
9.3 MB (9,744,896 bytes)

The file phBot.exe has been seen being distributed by the following URL.

http://cdn.phbot.org/.../phBot.exe

Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.