» phBot.exe
Overview
Analysis
File Details

phBot.exe

phBot

Ryan Clouser

File name:

phBot.exe

Publisher:

ProjectHax (signed by Ryan Clouser)

Product:

phBot

Description:

phBot - Silkroad Online Bot

Version:

14.0.6.0

MD5:

3a044bb4d06fac7f6c5f70c835a5ab45

SHA-1:

f69f1eeb61270d8786b5098655b1f9e9f5e76614

SHA-256:

949bc8548db5c254b89ceef918f7f007c54365129d947e23e19b8f1479a80100

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 11:00:29 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Bkav FE

HW32.Packed

1.3.0.7062

IKARUS anti.virus

not-a-virus:AdWare.Amonetize

t3scan.1.9.5.0

Vba32 AntiVirus

Malware-Cryptor.General.6

3.12.26.4

File size:

21.5 MB (22,520,304 bytes)

Product version:

14.0.6.0

Original file name:

phBot.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Ryan Clouser

Authority:

StartCom Ltd.

Valid from:

11/8/2013 2:13:03 PM

Valid to:

11/9/2015 12:34:04 AM

Subject:

E=ryan@projecthax.com, CN=Ryan Clouser, L=Camp Hill, S=Pennsylvania, C=US, Description=GDbAxi2Z0A7Em5K7

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0BB8

File PE Metadata

Compilation timestamp:

8/11/2015 4:02:32 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

393216:MKaI+uALXh6xRuh9BILzs5HCTFlghfyRg1ukKXy3gNhyC6Vk/wI5:wu0MuzSLwHCTFlefy61uk13gNhuQJ5

Entry address:

0x22F96E6

Entry point:

E8, 36, 44, 8A, FF, 9C, 3C, 18, 4E, 8B, 70, 3C, 66, 0F, BE, D3, 80, F6, 9F, 66, 0F, BA, F2, 0F, 01, C6, 0F, 97, C6, 0F, CA, 8B, 56, 78, 9C, 56, 85, D2, 88, 3C, 24, 60, FF, 74, 24, 04, 8D, 64, 24, 34, 0F, 84, FE, 40, 00, 00, 56, 66, 0F, BE, CB, 01, C2, 66, FF, C9, 0F, A3, EA, 09, E1, 8B, 4E, 7C, F9, F9, 68, 56, 07, A9, 25, 01, D1, E8, 87, F2, D5, FF, AC, 84, E3, F6, D8, 88, 64, 24, 04, F9, E9, 96, 29, D5, FF, 00, 00, 3F, 5F, 4D, 61, 6B, 65, 6C, 6F, 63, 40, 5F, 4C, 6F, 63, 69, 6D, 70, 40, 6C, 6F, 63, 61, 6C... 
[+]

Code size:

9.6 MB (10,055,168 bytes)

Scan phBot.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.