» phBot.exe
Overview
Analysis
File Details

phBot.exe

phBot

Ryan Clouser

File name:

phBot.exe

Publisher:

ProjectHax (signed by Ryan Clouser)

Product:

phBot

Description:

phBot - Silkroad Online Bot

Version:

11.7.8.0

MD5:

0aa07f19cda0e5ed1ea0b8a710766134

SHA-1:

22bb5c7ad450601d7be33e027608808c7367b5c6

SHA-256:

f6ece297b64b15171d1fb996a774b1a118a8bce757f4291fe3521d71d56fb46f

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 11:35:29 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Bkav FE

HW32.Packed

1.3.0.7062

IKARUS anti.virus

not-a-virus:AdWare.Amonetize

t3scan.1.9.5.0

Vba32 AntiVirus

Malware-Cryptor.General.6

3.12.26.4

File size:

10.7 MB (11,204,224 bytes)

Product version:

11.7.8.0

Original file name:

phBot.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\phbot v11.7.6\phbot.exe

Digital Signature

Signed by:

Ryan Clouser

Authority:

StartCom Ltd.

Valid from:

11/8/2013 4:13:03 AM

Valid to:

11/8/2015 2:34:04 PM

Subject:

E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0BB8

File PE Metadata

Compilation timestamp:

9/11/2014 10:10:34 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

196608:wigSv+s9ZLdV5R/9UGMr3LDbRs0uxJ9gJAf67yaqlEs90HnBT1SbTi04:RgZEjvUDe0yn/i7yaqT0HBT1Sfi04

Entry address:

0x177C000

Entry point:

51, 89, E1, 81, C1, 04, 00, 00, 00, 53, BB, 04, 00, 00, 00, 29, D9, 5B, 51, FF, 74, 24, 04, 59, 8F, 04, 24, 5C, 89, 34, 24, 68, EA, 76, 00, 00, 89, 04, 24, 68, FB, 13, 00, 00, 89, 1C, 24, E8, 01, 00, 00, 00, CC, FF, 34, 24, 58, 81, EC, 04, 00, 00, 00, 89, 34, 24, 89, E6, 81, C6, 04, 00, 00, 00, 81, C6, 04, 00, 00, 00, 87, 34, 24, 5C, 68, 8E, 6A, 00, 00, 89, 04, 24, FF, 34, 24, 5B, 81, C4, 04, 00, 00, 00, 52, 50, 52, BA, FF, FF, FF, FF, 89, D0, 5A, 89, C2, 58, 29, D0, 5A, 52, 68, 00, 50, 35, 00, 8B, 14, 24... 
[+]

Entropy:

7.9825 (probably packed)

Code size:

9.9 MB (10,341,888 bytes)

Scan phBot.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.