home

phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.phbot.org.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
12.0.75.0

MD5:
14174687ae15327f6cd1f0fdc989b2c8

SHA-1:
8a33a051041f7cdce889d6f6e7d81884a4183704

SHA-256:
4dbfb0ebfafbed7f3299d6b0ffe40a48020d6faf4f57ec3e82d06ceb580c31af

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 10:43:19 PM UTC  (today)

File size:
18.8 MB (19,744,240 bytes)

Product version:
12.0.75.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 2:13:03 PM

Valid to:
11/9/2015 12:34:04 AM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
4/13/2015 4:14:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:T9HiR12SSp9folCsyXFxm36+xKiqnGwxIlysffkUTPjFnxkZW0yL9ggdXG+vy:T1iRtSp9fgC83bmvIlzfRTPjRwg91GKy

Entry address:
0x274A87B

Entry point:
E9, B9, 5A, 1C, FF, 00, 00, 3F, 3F, 39, 74, 79, 70, 65, 5F, 69, 6E, 66, 6F, 40, 40, 51, 42, 45, 5F, 4E, 41, 42, 56, 30, 40, 40, 5A, 00, 00, 00, 47, 65, 74, 53, 79, 73, 43, 6F, 6C, 6F, 72, 00, 50, 9C, E8, 95, 1F, D6, FF, C7, 44, 24, 04, 7F, 13, B5, 02, E8, 15, 5B, 1C, FF, E8, 4D, BB, B8, E1, DF, 54, 65, 72, CE, 90, B0, 47, 47, C4, 5F, 10, 6F, B2, 29, 0D, 3B, F3, 98, A4, 39, 4C, C4, 20, 5E, E1, FB, 56, 92, F5, 48, 4E, 79, DE, 2E, A5, FC, 77, 8B, 79, D8, 5E, 34, 3C, DB, 62, 39, 1F, 7B, B0, 83, 8D, EA, 42, 14...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
9.3 MB (9,716,736 bytes)

The file phBot.exe has been seen being distributed by the following URL.

http://cdn.phbot.org/.../phBot.exe

Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.