home

phBot.exe

phBot

Ryan Clouser

Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
15.4.8.0

MD5:
9618eb523a6d3dbcf6a3d81d4e5ecd33

SHA-1:
844a83bb11ace2c1acdf177be1f79f370c47460c

SHA-256:
9611ff43ef36f0ec1a94408298b233dad3d861ef50f7192c09b1eb6cfabafcd0

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/24/2024 9:33:11 AM UTC  (today)

Scan engine
Detection
Engine version

F-Secure
Gen:Variant.Adware.Amonetize
11.2016-05-09_2

Vba32 AntiVirus
Malware-Cryptor.General.6
3.12.26.4

File size:
13.9 MB (14,596,080 bytes)

Product version:
15.4.8.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 2:13:03 PM

Valid to:
11/9/2015 12:34:04 AM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
10/14/2015 10:03:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:MzthPNkkF5V5FzTw/jAfiuprW6lRRLTJCX:MRhP2wzTw/Efi6i6lRpkX

Entry address:
0x24B9F4F

Entry point:
EB, 08, 36, D2, DC, 00, 00, 00, 00, 00, E9, 9A, 6B, FD, FF, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 80, 2A, 01, B0, 9F, 8B, 02, B2, 19, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D9, B1, 88, 00, 80, 32, 93, 00, A9, 32, 93, 00, C4, 32, 93, 00, ED, 32, 93, 00, 16, 33, 93, 00, 3F, 33, 93, 00, 68, 33, 93...
 
[+]

Entropy:
7.9994  (probably packed)

Code size:
13.9 MB (14,583,808 bytes)

Windows Firewall Allowed Program
Name:
phbot - silkroad online bot


Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.