Manager.exe

Manager

Ryan Clouser

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘phBot Manager’.

Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
Manager

Description:
phBot Manager

Version:
1.0.19.0

MD5:
7894c58cc09763423e379ef6ee261ec6

SHA-1:
eab31e20b660b8d1d683b691fd8c392f0be8c5ac

SHA-256:
c722a538dbcf44d412666f17ba43b3a196f39080a1c178c08b4b1cdea476ccd4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:12:39 AM UTC

File size:
14.4 MB (15,074,288 bytes)

Product version:
1.0.19.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
Manager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
11/8/2013 2:13:03 PM

Valid to:
11/9/2015 12:34:04 AM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
4/27/2015 9:26:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:Y8mxK6fNH72KFfjw6ubd5JDdldwH77TnFAuLNzaJcuXNX:ExKCNHDjwHJvdwHDVAceZ

Entry address:
0x1865A29

Entry point:
E9, A1, 12, 00, 00, 9C, 8D, 64, 24, 0C, 0F, 86, 76, C1, FF, FF, D2, CF, 8B, 7A, 24, D2, EF, D2, D5, 66, 0F, CB, 66, 0F, BD, CA, 01, C7, 66, 0F, BC, C8, 8B, 5A, 20, 66, F7, D9, 01, C3, 66, 81, D1, 52, 23, 21, F9, F6, DD, D2, ED, C7, 45, F8, 00, 00, 00, 00, F6, C4, 7F, 66, 0F, B6, C9, D2, C1, 60, 8B, 4A, 18, 83, C4, 20, 38, E2, 53, C6, 04, 24, 8D, 3B, 4D, F8, 60, 60, 68, D3, 5E, D9, 38, C6, 04, 24, F1, 8D, 64, 24, 48, 0F, 86, D0, 62, A8, FF, 81, F6, A0, 3C, 7F, E2, 83, E9, 01, 66, C1, EE, 0A, 66, D3, FE, 0F...

Entropy:
7.9053

Packer / compiler:
Xtreme-Protector v1.05

Code size:
7.3 MB (7,693,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
phBot Manager

Command:
C:\silkroad\phbot v11.9.1a\manager.exe --password "12345678"