home

phBot.exe

phBot

Ryan Clouser

Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
14.1.6.0

MD5:
2080c838ab00233e04cec7ab5729a957

SHA-1:
b0bc5c1d1f544247292cede7f44c32f25fe7b8fc

SHA-256:
abfbd093765e8b271ccd5c29f5a3a67872c8ae9779306e346cf888897f8cdd38

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 6:05:55 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Crypt.ZPACK.Gen2
8.3.2.2

IKARUS anti.virus
not-a-virus:AdWare.Amonetize
t3scan.1.9.5.0

Vba32 AntiVirus
Malware-Cryptor.General.6
3.12.26.4

File size:
13.9 MB (14,591,472 bytes)

Product version:
14.1.6.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 7:13:03 AM

Valid to:
11/8/2015 5:34:04 PM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
10/24/2015 8:32:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:rcUhHe+kAW+xZdH5Nt3ONUp5AZisZSZxo0VpZ:lhkWdH5MYSisZS3TZ

Entry address:
0x24B9EAE

Entry point:
EB, 08, EC, 50, 65, 00, 00, 00, 00, 00, E9, FA, D8, FE, FF, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 80, 2A, 01, 10, 9F, 8B, 02, B2, 19, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, B3, 88, 00, B0, 33, 93, 00, D9, 33, 93, 00, F4, 33, 93, 00, 1D, 34, 93, 00, 46, 34, 93, 00, 6F, 34, 93, 00, 98, 34...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
13.9 MB (14,579,200 bytes)

Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.