Summary | ZeroBOX

clp5.exe

Malicious Library UPX OS Processor Check PE64 PE File
Category FILE
Machine s1_win7_x6401
Started May 25, 2023, 5:35 p.m.
Completed May 25, 2023, 5:44 p.m.
Size 7.0MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a541e034129465229c0fe10ecfcb2703
SHA256 8289719f27cfdb3e066acf74f9645dceddff1eae764b605b12e18b2af2907e7e
CRC32 D3CA8DA5
ssdeep 98304:Bf8hkG8XVZWT/FIVxQp6+ZQ0a8wmNCw9wSWe46GwYxOcyRvG4dhlA:e8FMZIwZA8wmkwyZCncivG4
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
section IH19BTR1
section .0Dev
section .rdata virtual_address 0x002c3000 virtual_size 0x000330a8 size_of_data 0x00033200 entropy 7.006822143063866 description A section with a high entropy has been found
section .pdata virtual_address 0x00310000 virtual_size 0x0000378c size_of_data 0x00003800 entropy 7.891661042509177 description A section with a high entropy has been found
section IH19BTR1 virtual_address 0x00315000 virtual_size 0x00000480 size_of_data 0x00000600 entropy 7.22403210525547 description A section with a high entropy has been found
section IH19BTR1 virtual_address 0x00316000 virtual_size 0x00000b04 size_of_data 0x00000c00 entropy 7.565497587554513 description A section with a high entropy has been found
section IH19BTR1 virtual_address 0x003da000 virtual_size 0x0019a6fb size_of_data 0x0019a800 entropy 7.779476591400952 description A section with a high entropy has been found
section IH19BTR1 virtual_address 0x00576000 virtual_size 0x00191abc size_of_data 0x00191c00 entropy 7.8523766219998885 description A section with a high entropy has been found
entropy 0.483969891274 description Overall entropy of this PE file is high
MicroWorld-eScan Gen:Variant.Lazy.345052
Cybereason malicious.1497c8
Arcabit Trojan.Lazy.D543DC
Cyren W64/ClipBanker.BF.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/ClipBanker.DL
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky VHO:Trojan.Win32.Agent.gen
BitDefender Gen:Variant.Lazy.345052
VIPRE Gen:Variant.Lazy.345052
McAfee-GW-Edition BehavesLike.Win64.Drixed.wc
FireEye Generic.mg.a541e03412946522
Emsisoft Gen:Variant.Lazy.345052 (B)
Gridinsoft Trojan.Heur!.02012023
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm VHO:Trojan.Win32.Agent.gen
GData Gen:Variant.Lazy.345052
Google Detected
AhnLab-V3 Trojan/Win.Evo-gen.R580891
ALYac Gen:Variant.Lazy.345052
MAX malware (ai score=84)
Rising Trojan.ClipBanker!8.5FB (TFE:5:NsOahloFUMG)
MaxSecure Trojan.Malware.300983.susgen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (D)