home

phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.phbot.org.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
14.3.0.0

MD5:
5a2025c0607bfee63a6c6b4625cf5d4d

SHA-1:
7e44f67ef190a4b8bc8d174617caeea55568c210

SHA-256:
75bbbee861ee2181ec210a3387bcd94e0a86530756bf02f64a961ded25a14df8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 10:42:17 PM UTC  (today)

File size:
17.8 MB (18,628,560 bytes)

Product version:
14.3.0.0

Copyright:
Copyright (C) 2016 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/3/2015 5:42:14 PM

Valid to:
11/3/2017 5:53:45 PM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
138102673F594B

File PE Metadata
Compilation timestamp:
2/3/2016 3:39:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:DKIu1Noo+244kN8v/juqjlm7phmo8Ijidr+FDZyrY3Tk4e:Dm1NoebI8/juoIp80jigpwrYe

Entry address:
0x2CE862A

Entry point:
EB, 08, 24, 46, 1A, 01, 00, 00, 00, 00, E9, 90, F8, FE, FF, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 60, 40, 36, 01, 90, 86, 0E, 03, EF, 19, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 69, 68, 8B, 00, 70, EF, 95, 00, 99, EF, 95, 00, B4, EF, 95, 00, DD, EF, 95, 00, 06, F0, 95, 00, 2F, F0...
 
[+]

Entropy:
7.9996  (probably packed)

Code size:
17.8 MB (18,616,320 bytes)

The file phBot.exe has been seen being distributed by the following URL.

http://cdn.phbot.org/stable/.../phBot.exe

Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.