home

phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from update.phbot.org.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
15.8.2.0

MD5:
d9d70f782d40ae3ec44a819550c83ad2

SHA-1:
5912a6b87d62b325ad041f0cc4a3ccc130ba782e

SHA-256:
bba638d23bafb28b8be5adc9dafd477e0060746e1d223e04b4bcf8cc40447e3b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 10:52:13 PM UTC  (today)

File size:
17.3 MB (18,143,696 bytes)

Product version:
15.8.2.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\phbot.exe

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/3/2015 5:42:14 PM

Valid to:
11/3/2017 5:53:45 PM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
138102673F594B

File PE Metadata
Compilation timestamp:
1/18/2016 11:50:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:sF5MoCThKaGQkwI1wKFSp7hnKsWALXG1y/nWd6Pu1vojk4tKWUpHbd:PoyxFkwIi3nUO0y/WdrZuk2KWQp

Entry address:
0x2BF6117

Entry point:
EB, 08, 5B, 9C, 13, 01, 00, 00, 00, 00, E9, DC, F5, FE, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, B0, 34, 01, 80, 61, FF, 02, 09, 1A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 19, 54, 8A, 00, B0, D4, 94, 00, D9, D4, 94, 00, F4, D4, 94, 00, 1D, D5, 94, 00, 46, D5, 94...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
17.3 MB (18,131,456 bytes)

The file phBot.exe has been seen being distributed by the following URL.

http://update.phbot.org/testing/.../phBot.exe

Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.