popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

clip64.dll

UPX Admin Tool (Sysinternals etc ...) Malicious Library PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us March 5, 2023, 2:20 p.m. March 5, 2023, 2:29 p.m.
Size 89.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 29b9780bb2992d018ae312ed4180a663
SHA256 b0308039b578ab07a5710745e5895b90a88133c669ca14a8f1943845387d223a
CRC32 5F58E409
ssdeep 1536:po4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUv1aB89p:poUCWbBNpplToUs1uNhj25LJU9aB89p
PDB Path D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
pdb_path D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744df000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74460000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744f1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744df000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x743e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744b1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744df000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x743e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744b1000
process_handle: 0xffffffff
1 0 0
Bkav W32.NataDecoAAT.Trojan
CAT-QuickHeal Trojan.GenericPMF.S29595454
Cylance unsafe
Zillya Trojan.Sdum.Win32.9736
K7AntiVirus Riskware ( 00584baa1 )
K7GW Riskware ( 00584baa1 )
CrowdStrike win/malicious_confidence_100% (W)
VirIT Trojan.Win32.Genus.NMA
APEX Malicious
Cynet Malicious (score: 99)
Alibaba Trojan:Win32/Amadey.2513326e
Sophos Troj/Amadey-K
DrWeb Trojan.Clipper.165
VIPRE Gen:Variant.Zusy.446682
McAfee-GW-Edition Trojan-FUUW!29B9780BB299
Webroot W32.Trojan.Gen
Avira TR/Agent.sxqgf
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Malware.Win32.Wacatac.cc
Arcabit Trojan.Zusy.D6D0DA
ViRobot Trojan.Win.Z.Zusy.91136.E
Google Detected
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002C0DC223
Tencent Malware.Win32.Gencirc.10bdd5b2
Yandex Trojan.Agent!Z+iHCi/9aN0
Ikarus Trojan.Win32.Amadey
Fortinet W32/Agent.AFDH!tr
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]