Report - clip.exe

Malicious Library PE File PE32
Created 2021.09.06 08:16 Machine s1_win7_x6402
Filename clip.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 3.8
ZERO API file : clean
VT API (file) 16 detected (Tasker, malicious, high confidence, Unsafe, ZexaF, eu0@ayYnWumi, GenKryptik, EOYQ, FileRepMalware, Score, Phonzy, Generic@ML, RDML, zU+8TvJojuf4mIrkuCXfPA, confidence, 100%)
md5 0f41234ce843d72a64c622ed1a7a8cb0
sha256 6b7a2535ceb032e616fff2a08328d38b98a60870e7c08e7c600d7b945d2f8fcc
ssdeep 1536:KjRsWpkPNlmRWpeLKei1yX+oVm6LGHy+6XQYcwCwV1/wf:9ziWpeLKei1yuNynXQYcwC
imphash 4c2a534098486955f846a0368c9744ec
impfuzzy 48:tlVcnlrK+dFzkGs1fLW8tEQlvAECRpNXEMZEFHhO1QzGA6U06tTGSealvU/Np3KV:tlVcnlrK+PzkGqLEG2Mhg6g+ELuyKjN

Signature (9cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
watch Installs itself for autorun at Windows startup
watch Uses Sysinternals tools in order to add additional command line functionality
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice Uses Windows utilities for basic Windows functionality
info Command line console output was observed
info Queries for the computername

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x40a078 HeapReAlloc
 0x40a07c VirtualAlloc
 0x40a080 HeapAlloc
 0x40a084 IsValidCodePage
 0x40a088 GetOEMCP
 0x40a08c GetACP
 0x40a090 GetCPInfo
 0x40a094 InitializeCriticalSectionAndSpinCount
 0x40a098 LoadLibraryA
 0x40a09c IsDebuggerPresent
 0x40a0a0 UnhandledExceptionFilter
 0x40a0a4 TerminateProcess
 0x40a0a8 EnterCriticalSection
 0x40a0ac LeaveCriticalSection
 0x40a0b0 GetSystemTimeAsFileTime
 0x40a0b4 GetCurrentProcessId
 0x40a0b8 GetTickCount
 0x40a0bc QueryPerformanceCounter
 0x40a0c0 HeapFree
 0x40a0c4 VirtualFree
 0x40a0c8 RtlUnwind
 0x40a0cc InterlockedDecrement
 0x40a0d0 GetCurrentThreadId
 0x40a0d4 SetLastError
 0x40a0d8 InterlockedIncrement
 0x40a0dc TlsFree
 0x40a0e0 TlsSetValue
 0x40a0e4 TlsAlloc
 0x40a0e8 TlsGetValue
 0x40a0ec DeleteCriticalSection
 0x40a0f0 GetStartupInfoA
 0x40a0f4 SetHandleCount
 0x40a0f8 GetCommandLineW
 0x40a0fc GetEnvironmentStringsW
 0x40a100 FreeEnvironmentStringsW
 0x40a104 GetModuleFileNameW
 0x40a108 GetModuleFileNameA
 0x40a10c GetStdHandle
 0x40a110 WriteFile
 0x40a114 ExitProcess
 0x40a118 GetProcAddress
 0x40a11c Sleep
 0x40a120 GetModuleHandleW
 0x40a124 SetUnhandledExceptionFilter
 0x40a128 GetStartupInfoW
 0x40a12c HeapSize
 0x40a130 GetLocaleInfoA
 0x40a134 WideCharToMultiByte
 0x40a138 GetStringTypeA
 0x40a13c MultiByteToWideChar
 0x40a140 GetStringTypeW
 0x40a144 LCMapStringA
 0x40a148 LCMapStringW
 0x40a14c CreateFileW
 0x40a150 GetVersion
 0x40a154 CancelWaitableTimer
 0x40a158 AddAtomW
 0x40a15c DeleteAtom
 0x40a160 GetFileType
 0x40a164 AssignProcessToJobObject
 0x40a168 GetCurrentProcess
 0x40a16c QueryPerformanceFrequency
 0x40a170 GetLastError
 0x40a174 ClearCommError
 0x40a178 HeapCreate
USER32.dll
 0x40a180 GetWindowLongA
 0x40a184 wvsprintfA
 0x40a188 SetWindowPos
 0x40a18c FindWindowA
 0x40a190 RedrawWindow
 0x40a194 GetWindowTextA
 0x40a198 GetDlgItem
 0x40a19c SendDlgItemMessageA
 0x40a1a0 AppendMenuA
 0x40a1a4 CreatePopupMenu
 0x40a1a8 DestroyMenu
 0x40a1ac ClientToScreen
 0x40a1b0 EnableWindow
 0x40a1b4 GetSystemMetrics
 0x40a1b8 IsWindow
 0x40a1bc CheckRadioButton
 0x40a1c0 UnregisterClassA
 0x40a1c4 SetCursor
 0x40a1c8 GetSysColorBrush
 0x40a1cc DialogBoxParamA
 0x40a1d0 DestroyAcceleratorTable
 0x40a1d4 DispatchMessageA
 0x40a1d8 TranslateMessage
 0x40a1dc LoadIconA
 0x40a1e0 EmptyClipboard
 0x40a1e4 SetClipboardData
 0x40a1e8 SetFocus
 0x40a1ec CharUpperA
 0x40a1f0 OpenClipboard
 0x40a1f4 IsDialogMessageA
 0x40a1f8 TranslateAcceleratorA
 0x40a1fc GetMessageA
 0x40a200 LoadAcceleratorsA
 0x40a204 RemoveMenu
 0x40a208 InvalidateRect
 0x40a20c ChildWindowFromPoint
 0x40a210 PostMessageA
 0x40a214 DestroyCursor
 0x40a218 CreateDialogParamA
 0x40a21c GetWindowRect
 0x40a220 IsMenu
 0x40a224 GetSubMenu
 0x40a228 SetDlgItemInt
 0x40a22c GetWindowPlacement
 0x40a230 CharLowerBuffA
 0x40a234 EnableMenuItem
 0x40a238 CheckMenuRadioItem
 0x40a23c GetSysColor
 0x40a240 KillTimer
 0x40a244 DestroyIcon
 0x40a248 DestroyWindow
 0x40a24c PostQuitMessage
 0x40a250 GetClientRect
 0x40a254 MoveWindow
 0x40a258 GetSystemMenu
 0x40a25c SetTimer
 0x40a260 SetWindowPlacement
 0x40a264 InsertMenuItemA
 0x40a268 GetMenu
 0x40a26c CheckMenuItem
 0x40a270 SetMenuItemInfoA
 0x40a274 SetActiveWindow
 0x40a278 DefDlgProcA
 0x40a27c RegisterClassA
 0x40a280 EndDialog
 0x40a284 SetDlgItemTextA
 0x40a288 EnumClipboardFormats
 0x40a28c GetClipboardData
 0x40a290 CloseClipboard
 0x40a294 GetClassInfoA
 0x40a298 CallWindowProcA
 0x40a29c SetWindowLongA
 0x40a2a0 IsDlgButtonChecked
 0x40a2a4 SetWindowTextA
 0x40a2a8 CheckDlgButton
 0x40a2ac GetActiveWindow
 0x40a2b0 LoadCursorA
 0x40a2b4 MessageBoxA
 0x40a2b8 wsprintfA
 0x40a2bc GetDlgItemTextA
 0x40a2c0 SendMessageA
 0x40a2c4 GetCursorPos
 0x40a2c8 TrackPopupMenu
GDI32.dll
 0x40a058 GetObjectA
 0x40a05c DeleteObject
 0x40a060 SetBkMode
 0x40a064 SelectObject
 0x40a068 CreateFontIndirectA
 0x40a06c SetTextColor
 0x40a070 GetStockObject
COMDLG32.dll
 0x40a04c GetOpenFileNameA
 0x40a050 GetSaveFileNameA
ADVAPI32.dll
 0x40a000 LookupPrivilegeValueA
 0x40a004 OpenProcessToken
 0x40a008 RegQueryValueExA
 0x40a00c RegDeleteKeyA
 0x40a010 RegCreateKeyA
 0x40a014 RegSetValueA
 0x40a018 GetUserNameA
 0x40a01c RegCloseKey
 0x40a020 RegOpenKeyExA
 0x40a024 AdjustTokenPrivileges
VERSION.dll
 0x40a2d0 VerFindFileW
 0x40a2d4 GetFileVersionInfoW
 0x40a2d8 VerQueryValueW
 0x40a2dc VerInstallFileW
 0x40a2e0 GetFileVersionInfoSizeW
COMCTL32.dll
 0x40a02c CreateToolbarEx
 0x40a030 ImageList_Remove
 0x40a034 ImageList_ReplaceIcon
 0x40a038 InitCommonControlsEx
 0x40a03c ImageList_Destroy
 0x40a040 ImageList_Create
 0x40a044 ImageList_SetBkColor

EAT (Export Address Table): none

Similarity measure (PE file only)