Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 3, 2025, 1 p.m.	Feb. 3, 2025, 1:02 p.m.

Size	175.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`240a6e1f4217e3eb22db88dc0692b5f7`
SHA256	`97b313f4ebc17549c44f85bdde1cd8cc8dddab22c63361306ee94c580cc7ca29`
CRC32	`16FD64B8`
ssdeep	`3072:fGO4uWRgu9bELjrW2a/lXlvMZ4Iu8oq+zK1+wYlhqTgyZ:+XuMgm4Lm22lXFMZ5j+wB8y`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

nvc.exe "C:\Users\test22\AppData\Local\Temp\nvc.exe"
2544

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 3, 2025, 1 p.m.			0	0

A process attempted to delay the analysis task. (1 event)

description

nvc.exe tried to sleep 217 seconds, actually delayed analysis time by 217 seconds

Creates hidden or system file (1 event)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW Feb. 3, 2025, 1 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\ProgramData\Winsrv\winsvc.exe filepath: C:\ProgramData\Winsrv\winsvc.exe	1	1	0

Installs itself for autorun at Windows startup (2 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemHandler				reg_value	C:\Users\test22\AppData\Local\Temp\nvc.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemHandler				reg_value	C:\ProgramData\Winsrv\winsvc.exe

Attempts to modify Explorer settings to prevent hidden files from being displayed (1 event)

registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.ClipBanker.Z!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.ClipBanker
Skyhigh	Artemis!Trojan
ALYac	Gen:Variant.Zusy.571494
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.571494
Sangfor	Banker.Win32.Agent.Ajm1
CrowdStrike	win/malicious_confidence_90% (W)
BitDefender	Gen:Variant.Zusy.571494
K7GW	Trojan ( 005c05021 )
K7AntiVirus	Trojan ( 005c05021 )
Arcabit	Trojan.Zusy.D8B866
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/ClipBanker.TT
APEX	Malicious
Avast	Win32:BankerX-gen [Trj]
Kaspersky	HEUR:Trojan-Banker.Win32.ClipBanker.gen
Alibaba	TrojanBanker:Win32/ClipBanker.7306ebaa
MicroWorld-eScan	Gen:Variant.Zusy.571494
Rising	Trojan.Generic!8.C3 (CLOUD)
Emsisoft	Gen:Variant.Zusy.571494 (B)
F-Secure	Trojan.TR/AD.Nekark.hchtx
TrendMicro	TROJ_GEN.R002C0XB125
McAfeeD	Real Protect-LS!240A6E1F4217
CTX	exe.trojan.clipbanker
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
FireEye	Generic.mg.240a6e1f4217e3eb
Google	Detected
Avira	TR/AD.Nekark.hchtx
Antiy-AVL	Trojan[Banker]/Win32.ClipBanker
Kingsoft	malware.kb.a.762
Gridinsoft	Trojan.Win32.CoinMiner.vl!n
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Zusy.571494
Varist	W32/ABPWS.UNSA-9305
AhnLab-V3	Trojan/Win.Malex.R690725
McAfee	Artemis!240A6E1F4217
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Malex
Malwarebytes	Malware.AI.3608662227
Ikarus	Trojan.Win32.Clipbanker
TrendMicro-HouseCall	TROJ_GEN.R002C0XB125
Tencent	Win32.Trojan-Banker.Clipbanker.Hkjl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/ClipBanker.TT!tr
AVG	Win32:BankerX-gen [Trj]

nvc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All