6bdf56962820cf435a210a1779a08457318f28625f741ac1297017c790ffdd3a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Mar-31 11:53:20
Detected languages English - United States
CompanyName ProjectHax LLC
FileDescription phBot - Silkroad Online Bot
FileVersion 1.4.2.0
InternalName phBot.dll
LegalCopyright Copyright (C) 2025 ProjectHax LLC
OriginalFilename phBot.dll
ProductName phBot DLL
ProductVersion 1.4.2.0

Plugin Output

Suspicious
PEiD Signature:
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser

Suspicious
The PE is packed with UPX
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.

Suspicious
The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Leverages the raw socket API to access the Internet:
  • bind

Info
The PE is digitally signed.
  • Signer: ProjectHax LLC
  • Issuer: SSL.com Code Signing Intermediate CA ECC R2

Malicious
VirusTotal score: 6/70 (Scanned on 2026-05-02 18:18:28)
  • Bkav: W32.AIDetectMalware
  • Cylance: Unsafe
  • DeepInstinct: MALICIOUS
  • MaxSecure: Trojan.Malware.581620093.susgen
  • SentinelOne: Static AI - Suspicious PE
  • TrendMicro-HouseCall: Trojan.Win32.Gen.TL0101D226Z1

Hashes

MD5 63299eb1aec38612584c1b05c332d118
SHA1 3bdd4170e1e66477f9018c6745c22a2f058fd18d
SHA256 6bdf56962820cf435a210a1779a08457318f28625f741ac1297017c790ffdd3a
SHA3 621a2487d42b9c5065e440eb9a41d9db2810c09f14f277607426fbfb115c66df
SSDeep 6144:P1LZ7/RsUpkjP0idjFQmvg9YrUWY6ORx/nVLUMM1ktV/WFqoMF1e:NLZVPKP0+jFFlVORxvVLUNxFqov
Imports Hash 6c9f5c0ba0af6ccfe07c2dd5974f9909

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2026-Mar-31 11:53:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x49000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x16000
AddressOfEntryPoint 0x0005FBD0 (Section: UPX1)
BaseOfCode 0x17000
BaseOfData 0x60000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x61000
SizeOfHeaders 0x200
Checksum 0x50f9f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x16000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 afe926496209a449a2ae54a1ae738b43
SHA1 6fd1a0b420844f6e9e9a3067b601ee05c36f4d79
SHA256 23e952ffeca5aaf2a1b0720240ca78d6e69ae1b9a7ac5950922456c6065c57de
SHA3 dd2179fb3fc80cf9327dde76b59f18d9fbd016161eedc40c6b3efc78854cb635
VirtualSize 0x49000
VirtualAddress 0x17000
SizeOfRawData 0x49000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.92319

.rsrc

MD5 71ff89e5f83c708cb29cc135ffff076e
SHA1 d049140fb754661b8bbe4fbcf0d7fd489cae14d6
SHA256 6130dda38e365ae57295e5ee1e518a6d088c7ed2970783802cb030ff21a7c229
SHA3 21e3abdd9d7497493abbec7caf9f4a76c9c78eb73ee014c7bd53e69b3e96e287
VirtualSize 0x1000
VirtualAddress 0x60000
SizeOfRawData 0xa00
PointerToRawData 0x49200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.86106

Imports

api-ms-win-crt-convert-l1-1-0.dll strtol
api-ms-win-crt-heap-l1-1-0.dll free
api-ms-win-crt-runtime-l1-1-0.dll _errno
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0.dll tolower
KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
MSVCP140.dll ?_Xbad_alloc@std@@YAXXZ
USER32.dll GetFocus
VCRUNTIME140.dll memcpy
WS2_32.dll bind

Delayed Imports

init

Ordinal 1
Address 0x5d0f

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2ec
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43948
MD5 1c3094ae1c5014d46f971a5593439a0b
SHA1 15c3f384276c3bcce68ca256e5b38d656d61461d
SHA256 33befcfa16f4ee0451073d3ef56aec5fe3f3451baebfb80b797f9dac230c230c
SHA3 4141e550789ed76e039d20b692abd65f9590c79d224c8bbd7613956e6a7635c9

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.4.2.0
ProductVersion 1.4.2.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName ProjectHax LLC
FileDescription phBot - Silkroad Online Bot
FileVersion (#2) 1.4.2.0
InternalName phBot.dll
LegalCopyright Copyright (C) 2025 ProjectHax LLC
OriginalFilename phBot.dll
ProductName phBot DLL
ProductVersion (#2) 1.4.2.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1000c040
SEHandlerTable 0x1005a720
SEHandlerCount 3

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!