ScreenShot
| Created | 2022.12.19 18:12 | Machine | s1_win7_x6401 |
| Filename | Clip1.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetect, malware1, Babar, Save, malicious, ZexaF, @Z0@ain1xtji, Attribute, HighConfidence, high confidence, ClipBanker, FileRepMalware, Generic ML PUA, high, score, Static AI, Suspicious PE, ai score=83, Generic@AI, RDML, OB4qS+CxeaURKO5003Locg, susgen) | ||
| md5 | 2160b328dfdbbe8080a40f80ae87af73 | ||
| sha256 | 3fc2b54f096ed132efadac0b097ebf55c867e346f5685588981f40310997452f | ||
| ssdeep | 196608:hT73/ahrYWuQouogKsCuo5aKmU/FkcDrhwJb2No+dFBP6:hT73/azo91la6/Fkcn+0o+dF16 | ||
| imphash | 31f79822d98de83a8ab41f63344c9d24 | ||
| impfuzzy | 48:KwO+VAXOmGx0ow14ASXJ+Zcp+svZZZw/tvAKiyuQ3a:2+2X0x0ow1AXJ+Zcp+AjCtvALyuua | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Detects the presence of Wine emulator |
| watch | Installs itself for autorun at Windows startup |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (4cnts) ?
Suricata ids
ET MALWARE Laplas Clipper - SetOnline CnC Checkin
ET USER_AGENTS Go HTTP Client User-Agent
ET MALWARE Laplas Clipper - Regex CnC Request
ET MALWARE Laplas Clipper CnC Domain (clipper .guru) in DNS Lookup
ET USER_AGENTS Go HTTP Client User-Agent
ET MALWARE Laplas Clipper - Regex CnC Request
ET MALWARE Laplas Clipper CnC Domain (clipper .guru) in DNS Lookup
PE API
IAT(Import Address Table) Library
kernel32.dll
0xc30000 WriteFile
0xc30004 WriteConsoleW
0xc30008 WaitForMultipleObjects
0xc3000c WaitForSingleObject
0xc30010 VirtualQuery
0xc30014 VirtualFree
0xc30018 VirtualAlloc
0xc3001c SwitchToThread
0xc30020 SuspendThread
0xc30024 SetWaitableTimer
0xc30028 SetUnhandledExceptionFilter
0xc3002c SetProcessPriorityBoost
0xc30030 SetEvent
0xc30034 SetErrorMode
0xc30038 SetConsoleCtrlHandler
0xc3003c ResumeThread
0xc30040 PostQueuedCompletionStatus
0xc30044 LoadLibraryA
0xc30048 LoadLibraryW
0xc3004c SetThreadContext
0xc30050 GetThreadContext
0xc30054 GetSystemInfo
0xc30058 GetSystemDirectoryA
0xc3005c GetStdHandle
0xc30060 GetQueuedCompletionStatusEx
0xc30064 GetProcessAffinityMask
0xc30068 GetProcAddress
0xc3006c GetEnvironmentStringsW
0xc30070 GetConsoleMode
0xc30074 FreeEnvironmentStringsW
0xc30078 ExitProcess
0xc3007c DuplicateHandle
0xc30080 CreateWaitableTimerExW
0xc30084 CreateThread
0xc30088 CreateIoCompletionPort
0xc3008c CreateFileA
0xc30090 CreateEventA
0xc30094 CloseHandle
0xc30098 AddVectoredExceptionHandler
kernel32.dll
0xc300a0 GetSystemTimeAsFileTime
0xc300a4 CreateEventA
0xc300a8 GetModuleFileNameW
0xc300ac GetModuleHandleA
0xc300b0 TerminateProcess
0xc300b4 GetCurrentProcess
0xc300b8 CreateToolhelp32Snapshot
0xc300bc Thread32First
0xc300c0 GetCurrentProcessId
0xc300c4 GetCurrentThreadId
0xc300c8 OpenThread
0xc300cc Thread32Next
0xc300d0 CloseHandle
0xc300d4 SuspendThread
0xc300d8 ResumeThread
0xc300dc WriteProcessMemory
0xc300e0 GetSystemInfo
0xc300e4 VirtualAlloc
0xc300e8 VirtualProtect
0xc300ec VirtualFree
0xc300f0 GetProcessAffinityMask
0xc300f4 SetProcessAffinityMask
0xc300f8 GetCurrentThread
0xc300fc SetThreadAffinityMask
0xc30100 Sleep
0xc30104 LoadLibraryA
0xc30108 FreeLibrary
0xc3010c GetTickCount
0xc30110 SystemTimeToFileTime
0xc30114 FileTimeToSystemTime
0xc30118 GlobalFree
0xc3011c LocalAlloc
0xc30120 LocalFree
0xc30124 GetProcAddress
0xc30128 ExitProcess
0xc3012c EnterCriticalSection
0xc30130 LeaveCriticalSection
0xc30134 InitializeCriticalSection
0xc30138 DeleteCriticalSection
0xc3013c MultiByteToWideChar
0xc30140 GetModuleHandleW
0xc30144 LoadResource
0xc30148 FindResourceExW
0xc3014c FindResourceExA
0xc30150 WideCharToMultiByte
0xc30154 GetThreadLocale
0xc30158 GetUserDefaultLCID
0xc3015c GetSystemDefaultLCID
0xc30160 EnumResourceNamesA
0xc30164 EnumResourceNamesW
0xc30168 EnumResourceLanguagesA
0xc3016c EnumResourceLanguagesW
0xc30170 EnumResourceTypesA
0xc30174 EnumResourceTypesW
0xc30178 CreateFileW
0xc3017c LoadLibraryW
0xc30180 GetLastError
0xc30184 FlushFileBuffers
0xc30188 WriteConsoleW
0xc3018c SetStdHandle
0xc30190 IsProcessorFeaturePresent
0xc30194 DecodePointer
0xc30198 GetCommandLineA
0xc3019c HeapFree
0xc301a0 GetCPInfo
0xc301a4 InterlockedIncrement
0xc301a8 InterlockedDecrement
0xc301ac GetACP
0xc301b0 GetOEMCP
0xc301b4 IsValidCodePage
0xc301b8 EncodePointer
0xc301bc TlsAlloc
0xc301c0 TlsGetValue
0xc301c4 TlsSetValue
0xc301c8 TlsFree
0xc301cc SetLastError
0xc301d0 UnhandledExceptionFilter
0xc301d4 SetUnhandledExceptionFilter
0xc301d8 IsDebuggerPresent
0xc301dc HeapAlloc
0xc301e0 RaiseException
0xc301e4 LCMapStringW
0xc301e8 GetStringTypeW
0xc301ec SetHandleCount
0xc301f0 GetStdHandle
0xc301f4 InitializeCriticalSectionAndSpinCount
0xc301f8 GetFileType
0xc301fc GetStartupInfoW
0xc30200 GetModuleFileNameA
0xc30204 FreeEnvironmentStringsW
0xc30208 GetEnvironmentStringsW
0xc3020c HeapCreate
0xc30210 HeapDestroy
0xc30214 QueryPerformanceCounter
0xc30218 HeapSize
0xc3021c WriteFile
0xc30220 RtlUnwind
0xc30224 SetFilePointer
0xc30228 GetConsoleCP
0xc3022c GetConsoleMode
0xc30230 HeapReAlloc
0xc30234 VirtualQuery
USER32.dll
0xc3023c CharUpperBuffW
kernel32.dll
0xc30244 LocalAlloc
0xc30248 LocalFree
0xc3024c GetModuleFileNameW
0xc30250 ExitProcess
0xc30254 LoadLibraryA
0xc30258 GetModuleHandleA
0xc3025c GetProcAddress
EAT(Export Address Table) is none
kernel32.dll
0xc30000 WriteFile
0xc30004 WriteConsoleW
0xc30008 WaitForMultipleObjects
0xc3000c WaitForSingleObject
0xc30010 VirtualQuery
0xc30014 VirtualFree
0xc30018 VirtualAlloc
0xc3001c SwitchToThread
0xc30020 SuspendThread
0xc30024 SetWaitableTimer
0xc30028 SetUnhandledExceptionFilter
0xc3002c SetProcessPriorityBoost
0xc30030 SetEvent
0xc30034 SetErrorMode
0xc30038 SetConsoleCtrlHandler
0xc3003c ResumeThread
0xc30040 PostQueuedCompletionStatus
0xc30044 LoadLibraryA
0xc30048 LoadLibraryW
0xc3004c SetThreadContext
0xc30050 GetThreadContext
0xc30054 GetSystemInfo
0xc30058 GetSystemDirectoryA
0xc3005c GetStdHandle
0xc30060 GetQueuedCompletionStatusEx
0xc30064 GetProcessAffinityMask
0xc30068 GetProcAddress
0xc3006c GetEnvironmentStringsW
0xc30070 GetConsoleMode
0xc30074 FreeEnvironmentStringsW
0xc30078 ExitProcess
0xc3007c DuplicateHandle
0xc30080 CreateWaitableTimerExW
0xc30084 CreateThread
0xc30088 CreateIoCompletionPort
0xc3008c CreateFileA
0xc30090 CreateEventA
0xc30094 CloseHandle
0xc30098 AddVectoredExceptionHandler
kernel32.dll
0xc300a0 GetSystemTimeAsFileTime
0xc300a4 CreateEventA
0xc300a8 GetModuleFileNameW
0xc300ac GetModuleHandleA
0xc300b0 TerminateProcess
0xc300b4 GetCurrentProcess
0xc300b8 CreateToolhelp32Snapshot
0xc300bc Thread32First
0xc300c0 GetCurrentProcessId
0xc300c4 GetCurrentThreadId
0xc300c8 OpenThread
0xc300cc Thread32Next
0xc300d0 CloseHandle
0xc300d4 SuspendThread
0xc300d8 ResumeThread
0xc300dc WriteProcessMemory
0xc300e0 GetSystemInfo
0xc300e4 VirtualAlloc
0xc300e8 VirtualProtect
0xc300ec VirtualFree
0xc300f0 GetProcessAffinityMask
0xc300f4 SetProcessAffinityMask
0xc300f8 GetCurrentThread
0xc300fc SetThreadAffinityMask
0xc30100 Sleep
0xc30104 LoadLibraryA
0xc30108 FreeLibrary
0xc3010c GetTickCount
0xc30110 SystemTimeToFileTime
0xc30114 FileTimeToSystemTime
0xc30118 GlobalFree
0xc3011c LocalAlloc
0xc30120 LocalFree
0xc30124 GetProcAddress
0xc30128 ExitProcess
0xc3012c EnterCriticalSection
0xc30130 LeaveCriticalSection
0xc30134 InitializeCriticalSection
0xc30138 DeleteCriticalSection
0xc3013c MultiByteToWideChar
0xc30140 GetModuleHandleW
0xc30144 LoadResource
0xc30148 FindResourceExW
0xc3014c FindResourceExA
0xc30150 WideCharToMultiByte
0xc30154 GetThreadLocale
0xc30158 GetUserDefaultLCID
0xc3015c GetSystemDefaultLCID
0xc30160 EnumResourceNamesA
0xc30164 EnumResourceNamesW
0xc30168 EnumResourceLanguagesA
0xc3016c EnumResourceLanguagesW
0xc30170 EnumResourceTypesA
0xc30174 EnumResourceTypesW
0xc30178 CreateFileW
0xc3017c LoadLibraryW
0xc30180 GetLastError
0xc30184 FlushFileBuffers
0xc30188 WriteConsoleW
0xc3018c SetStdHandle
0xc30190 IsProcessorFeaturePresent
0xc30194 DecodePointer
0xc30198 GetCommandLineA
0xc3019c HeapFree
0xc301a0 GetCPInfo
0xc301a4 InterlockedIncrement
0xc301a8 InterlockedDecrement
0xc301ac GetACP
0xc301b0 GetOEMCP
0xc301b4 IsValidCodePage
0xc301b8 EncodePointer
0xc301bc TlsAlloc
0xc301c0 TlsGetValue
0xc301c4 TlsSetValue
0xc301c8 TlsFree
0xc301cc SetLastError
0xc301d0 UnhandledExceptionFilter
0xc301d4 SetUnhandledExceptionFilter
0xc301d8 IsDebuggerPresent
0xc301dc HeapAlloc
0xc301e0 RaiseException
0xc301e4 LCMapStringW
0xc301e8 GetStringTypeW
0xc301ec SetHandleCount
0xc301f0 GetStdHandle
0xc301f4 InitializeCriticalSectionAndSpinCount
0xc301f8 GetFileType
0xc301fc GetStartupInfoW
0xc30200 GetModuleFileNameA
0xc30204 FreeEnvironmentStringsW
0xc30208 GetEnvironmentStringsW
0xc3020c HeapCreate
0xc30210 HeapDestroy
0xc30214 QueryPerformanceCounter
0xc30218 HeapSize
0xc3021c WriteFile
0xc30220 RtlUnwind
0xc30224 SetFilePointer
0xc30228 GetConsoleCP
0xc3022c GetConsoleMode
0xc30230 HeapReAlloc
0xc30234 VirtualQuery
USER32.dll
0xc3023c CharUpperBuffW
kernel32.dll
0xc30244 LocalAlloc
0xc30248 LocalFree
0xc3024c GetModuleFileNameW
0xc30250 ExitProcess
0xc30254 LoadLibraryA
0xc30258 GetModuleHandleA
0xc3025c GetProcAddress
EAT(Export Address Table) is none