home

phBot.exe

phBot

Ryan Clouser

This is a setup program which is used to install the application. The file has been seen being downloaded from update.phbot.org.
Publisher:
ProjectHax  (signed by Ryan Clouser)

Product:
phBot

Description:
phBot - Silkroad Online Bot

Version:
11.9.4.0

MD5:
4aa9663204c6594965f672156fb3cf81

SHA-1:
c6b56729b4f8381eb9a5ddfc6d2a94eb07eb3851

SHA-256:
0686f2a3a366d04b4e728ba01fcf8a67a608bef90655027eb6099bc4316a0710

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:47:15 PM UTC  (today)

File size:
18.4 MB (19,296,752 bytes)

Product version:
11.9.4.0

Copyright:
Copyright (C) 2015 ProjectHax

Original file name:
phBot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\phbot.exe

Digital Signature
Signed by:
Ryan Clouser

Authority:
StartCom Ltd.

Valid from:
11/8/2013 10:13:03 AM

Valid to:
11/8/2015 8:34:04 PM

Subject:
E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0BB8

File PE Metadata
Compilation timestamp:
6/9/2015 1:46:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:N6utfDNrSI4zeyuOgbzgjLnymEmkKk7RN9Tv+/ZcYWrtDEblyWUHb7M9b:NnfxrNeey3g4Ly+BINBW/Zc5rtD+QWUo

Entry address:
0x2B5C68A

Entry point:
9C, C7, 04, 24, 77, FF, C8, 60, 68, 58, B4, 93, 93, 66, C7, 04, 24, 4E, 99, C7, 04, 24, 86, 5E, 9A, 78, 9C, 60, 60, 8D, 64, 24, 44, E9, 81, 94, 01, 00, B2, 11, 53, 9E, DB, 5F, 15, 86, F5, 25, DA, 1A, A1, CA, 03, 8F, 89, 4B, CC, 72, D7, 9F, AA, 0F, 63, 96, 4B, CB, 7C, C6, 96, 9B, B9, FE, F1, 6D, 58, F1, BD, 8B, 05, 57, 64, DD, 9A, 8C, 07, 13, A7, 2B, E2, 10, 9C, 96, 1A, 16, D9, F1, AB, C1, 1A, BB, BC, CD, 41, 71, 6D, 2F, 67, 8C, 63, AC, 12, D8, 80, 11, B3, 29, FB, 12, 30, FA, 44, AE, C2, A7, 5F, CF, A4, B8...
 
[+]

Code size:
9.3 MB (9,748,992 bytes)

The file phBot.exe has been seen being distributed by the following URL.

http://update.phbot.org/.../phBot.exe

Scan phBot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.