home

Manager.exe

Manager

Ryan Clouser

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘phBot Manager’.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
Manager

Description:
phBot Manager

Version:
1.2.3.0

MD5:
f45677ed9875080d5d30144d44d1cd51

SHA-1:
ea5e1590e9f1ed8b427f0b1713800a6e248b3cf5

SHA-256:
2e3eeaba5c2d667f9f44056b7a64881451e30b541873de7469e5dbc531ab72d2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 7:23:07 AM UTC  (today)

File size:
8.9 MB (9,309,168 bytes)

Product version:
1.2.3.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
Manager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 2:13:03 PM

Valid to:
11/9/2015 12:34:04 AM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
9/8/2015 10:58:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:NgB7sn+7TWb2z9W5iFCnZ1KiY/FvvTFYLMmJreGZ8twzNFT:NgB7qlqz9kn6LCMmfZR/

Entry address:
0x1826C46

Entry point:
EB, 08, 4F, 26, 8D, 00, 00, 00, 00, 00, E9, 3B, 8B, 75, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D1, EE, 00, B0, 6C, C2, 01, 6D, 11, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 59, 19, 6B, 00, 3B, 88, 75, 00, 8F, 88, 75, 00, C7, 88, 75, 00, 0C, 89, 75, 00, B4, 89...
 
[+]

Code size:
8.9 MB (9,294,848 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
phBot Manager

Command:
C:\phbot\phbotprograms\phbotmanager\manager.exe --password "12345678"


Scan Manager.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.