home

phbot.exe

MD5:
aab1943fd31ceaf2a7f652e78c22b0b4

SHA-1:
db88ef368b3033d2b3a0d68d1876b177dcc79b08

SHA-256:
90438ba7bce39e231cbe0f49516f0fe0f5cb9047c92c9adbc7ca27226d4ca6df

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
7/13/2025 1:39:48 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Suspicious
7.1.1

Comodo Security
UnclassifiedMalware
16572

ESET NOD32
Win32/Packed.Themida (variant)
8.8548

File size:
8.8 MB (9,198,080 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
10/16/2012 2:35:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:/M+jbji1sjzaJI5wPpvP17Y3lnxvSab7SHWaaoPo6EJkztaP:U+jf8sjGQwxC3fTHCWaPPFukzo

Entry address:
0x149A000

Entry point:
55, 89, E5, 52, BA, 04, 00, 00, 00, 01, D5, 5A, 52, BA, 04, 00, 00, 00, 29, D5, 5A, 55, FF, 74, 24, 04, 5D, 8F, 04, 24, 5C, 68, A7, 33, 00, 00, 89, 34, 24, 89, 04, 24, 57, 89, E7, 81, C7, 04, 00, 00, 00, 51, B9, 04, 00, 00, 00, 29, CF, 59, 87, 3C, 24, 5C, 89, 3C, 24, 89, 1C, 24, E8, 01, 00, 00, 00, CC, 8B, 04, 24, 56, 89, E6, 50, B8, 04, 00, 00, 00, 01, C6, 8B, 04, 24, 83, C4, 04, 81, C6, 04, 00, 00, 00, 87, 34, 24, 5C, 68, 51, 05, 00, 00, 89, 34, 24, 89, C6, 56, 81, 34, 24, A9, 36, F1, 38, 5B, 51, B9, A9...
 
[+]

Code size:
10.5 MB (11,051,008 bytes)

Scan phbot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.