phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from update.phbot.org.

Publisher:
ProjectHax (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
11.9.6.0

MD5:
2a768231267af8768fd02278dd24cb3f

SHA-1:
c97c6ad672b527cc678425a082e747cbf3cb59ee

SHA-256:
eb529b67362262c9c7cb01bb5b7e58b1221a636c417a561e1c3b3fb8eb511430

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/26/2024 3:45:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| IKARUS anti.virus | not-a-virus:AdWare.Amonetize | t3scan.1.9.5.0 |
| Vba32 AntiVirus | Malware-Cryptor.General.6 | 3.12.26.4 |

File size:
19.8 MB (20,782,064 bytes)

Product version:
11.9.6.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\lady\phbot.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
11/8/2013 2:13:03 PM

Valid to:
11/9/2015 12:34:04 AM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
7/8/2015 4:40:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:s56d3ysVJ1LIrdY62VfN3QQP7pshGE6Z2SVZez9PoCDwU6b:c6JrLIBxe5QM7KG9UseFoCDwRb

Entry address:
0x1F297E0

Entry point:
E9, 10, 95, FF, FF, 00, 00, 47, 65, 74, 56, 65, 72, 73, 69, 6F, 6E, 45, 78, 57, 00, E9, 22, CD, B6, FF, 52, 9C, 60, 8D, 64, 24, 28, E8, 70, F7, B5, FF, 60, E9, 5E, 55, 00, 00, 6F, 87, D0, 16, AC, 52, A8, F2, BC, B9, 06, F8, C7, C9, DC, 79, 46, 30, 35, 40, 45, E0, E5, 74, 71, 1C, 3A, 8E, 84, 08, 1D, 20, 36, 52, B2, 3C, 55, 3B, AC, 6D, 6C, 56, CA, B2, FC, 7D, 9B, 27, DF, 11, 5A, DD, DD, B6, 26, 9C, 14, 12, F7, 45, E5, FB, E0, 99, C2, 9E, A7, BE, D3, D1, 27, 67, 94, 55, FC, F6, 66, 3B, 6B, 7A, 03, 01, 87, F2...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
9.3 MB (9,709,568 bytes)

The file phBot.exe has been seen being distributed by the following URL.
