ScreenShot
| Created | 2023.05.25 17:44 | Machine | s1_win7_x6401 |
| Filename | clp5.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 26 detected (Lazy, malicious, ClipBanker, Eldorado, Attribute, HighConfidence, score, Drixed, Wacapew, Detected, R580891, ai score=84, NsOahloFUMG, susgen, confidence) | ||
| md5 | a541e034129465229c0fe10ecfcb2703 | ||
| sha256 | 8289719f27cfdb3e066acf74f9645dceddff1eae764b605b12e18b2af2907e7e | ||
| ssdeep | 98304:Bf8hkG8XVZWT/FIVxQp6+ZQ0a8wmNCw9wSWe46GwYxOcyRvG4dhlA:e8FMZIwZA8wmkwyZCncivG4 | ||
| imphash | d14ac171253cf4e289cd276f47898b08 | ||
| impfuzzy | 96:0PUHJcpVYMS1YtuBgPpn6wcI1AXJ4Zcp+AjxtvuGzvVq:MQWnOZ4pgc | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140575000 Process32NextW
0x140575008 GlobalSize
0x140575010 GetSystemDirectoryA
0x140575018 GlobalAlloc
0x140575020 Process32FirstW
0x140575028 CloseHandle
0x140575030 GlobalLock
0x140575038 GlobalUnlock
0x140575040 WriteConsoleW
0x140575048 HeapSize
0x140575050 GetProcessHeap
0x140575058 SetStdHandle
0x140575060 SetEnvironmentVariableW
0x140575068 FreeEnvironmentStringsW
0x140575070 GetEnvironmentStringsW
0x140575078 GetLastError
0x140575080 Sleep
0x140575088 CreateToolhelp32Snapshot
0x140575090 CreateMutexA
0x140575098 VirtualAlloc
0x1405750a0 WinExec
0x1405750a8 GetModuleFileNameA
0x1405750b0 MultiByteToWideChar
0x1405750b8 LocalFree
0x1405750c0 FormatMessageA
0x1405750c8 CreateDirectoryW
0x1405750d0 CreateFileW
0x1405750d8 FindClose
0x1405750e0 FindFirstFileExW
0x1405750e8 FindNextFileW
0x1405750f0 SetEndOfFile
0x1405750f8 SetFilePointerEx
0x140575100 AreFileApisANSI
0x140575108 WideCharToMultiByte
0x140575110 GetStringTypeW
0x140575118 LCMapStringEx
0x140575120 EnterCriticalSection
0x140575128 LeaveCriticalSection
0x140575130 InitializeCriticalSectionEx
0x140575138 DeleteCriticalSection
0x140575140 EncodePointer
0x140575148 DecodePointer
0x140575150 CompareStringEx
0x140575158 GetCPInfo
0x140575160 QueryPerformanceCounter
0x140575168 GetCurrentProcessId
0x140575170 GetCurrentThreadId
0x140575178 GetSystemTimeAsFileTime
0x140575180 InitializeSListHead
0x140575188 RtlCaptureContext
0x140575190 RtlLookupFunctionEntry
0x140575198 RtlVirtualUnwind
0x1405751a0 IsDebuggerPresent
0x1405751a8 UnhandledExceptionFilter
0x1405751b0 SetUnhandledExceptionFilter
0x1405751b8 GetStartupInfoW
0x1405751c0 IsProcessorFeaturePresent
0x1405751c8 GetModuleHandleW
0x1405751d0 GetCurrentProcess
0x1405751d8 TerminateProcess
0x1405751e0 RtlUnwindEx
0x1405751e8 RtlPcToFileHeader
0x1405751f0 RaiseException
0x1405751f8 SetLastError
0x140575200 InitializeCriticalSectionAndSpinCount
0x140575208 TlsAlloc
0x140575210 TlsGetValue
0x140575218 TlsSetValue
0x140575220 TlsFree
0x140575228 FreeLibrary
0x140575230 GetProcAddress
0x140575238 LoadLibraryExW
0x140575240 ReadFile
0x140575248 ExitProcess
0x140575250 GetModuleHandleExW
0x140575258 GetStdHandle
0x140575260 WriteFile
0x140575268 GetModuleFileNameW
0x140575270 GetCommandLineA
0x140575278 GetCommandLineW
0x140575280 GetConsoleMode
0x140575288 ReadConsoleW
0x140575290 GetFileType
0x140575298 GetFileSizeEx
0x1405752a0 FlushFileBuffers
0x1405752a8 GetConsoleOutputCP
0x1405752b0 HeapFree
0x1405752b8 HeapReAlloc
0x1405752c0 HeapAlloc
0x1405752c8 FlsAlloc
0x1405752d0 FlsGetValue
0x1405752d8 FlsSetValue
0x1405752e0 FlsFree
0x1405752e8 CompareStringW
0x1405752f0 LCMapStringW
0x1405752f8 GetLocaleInfoW
0x140575300 IsValidLocale
0x140575308 GetUserDefaultLCID
0x140575310 EnumSystemLocalesW
0x140575318 IsValidCodePage
0x140575320 GetACP
0x140575328 GetOEMCP
0x140575330 RtlUnwind
USER32.dll
0x140575340 EmptyClipboard
0x140575348 GetClipboardData
0x140575350 SetClipboardData
0x140575358 CloseClipboard
0x140575360 OpenClipboard
ADVAPI32.dll
0x140575370 RegQueryInfoKeyW
0x140575378 RegCreateKeyExA
0x140575380 RegSetValueExA
0x140575388 RegOpenKeyExA
0x140575390 RegEnumKeyExA
0x140575398 RegCloseKey
KERNEL32.dll
0x1405753a8 GetSystemTimeAsFileTime
0x1405753b0 CreateEventA
0x1405753b8 GetModuleHandleA
0x1405753c0 TerminateProcess
0x1405753c8 GetCurrentProcess
0x1405753d0 CreateToolhelp32Snapshot
0x1405753d8 Thread32First
0x1405753e0 GetCurrentProcessId
0x1405753e8 GetCurrentThreadId
0x1405753f0 OpenThread
0x1405753f8 Thread32Next
0x140575400 CloseHandle
0x140575408 SuspendThread
0x140575410 ResumeThread
0x140575418 WriteProcessMemory
0x140575420 GetSystemInfo
0x140575428 VirtualAlloc
0x140575430 VirtualProtect
0x140575438 VirtualFree
0x140575440 GetProcessAffinityMask
0x140575448 SetProcessAffinityMask
0x140575450 GetCurrentThread
0x140575458 SetThreadAffinityMask
0x140575460 Sleep
0x140575468 LoadLibraryA
0x140575470 FreeLibrary
0x140575478 GetTickCount
0x140575480 SystemTimeToFileTime
0x140575488 FileTimeToSystemTime
0x140575490 GlobalFree
0x140575498 HeapAlloc
0x1405754a0 HeapFree
0x1405754a8 GetProcAddress
0x1405754b0 ExitProcess
0x1405754b8 EnterCriticalSection
0x1405754c0 LeaveCriticalSection
0x1405754c8 InitializeCriticalSection
0x1405754d0 DeleteCriticalSection
0x1405754d8 MultiByteToWideChar
0x1405754e0 GetModuleHandleW
0x1405754e8 LoadResource
0x1405754f0 FindResourceExW
0x1405754f8 FindResourceExA
0x140575500 WideCharToMultiByte
0x140575508 GetThreadLocale
0x140575510 GetUserDefaultLCID
0x140575518 GetSystemDefaultLCID
0x140575520 EnumResourceNamesA
0x140575528 EnumResourceNamesW
0x140575530 EnumResourceLanguagesA
0x140575538 EnumResourceLanguagesW
0x140575540 EnumResourceTypesA
0x140575548 EnumResourceTypesW
0x140575550 CreateFileW
0x140575558 LoadLibraryW
0x140575560 GetLastError
0x140575568 FlushFileBuffers
0x140575570 FlsSetValue
0x140575578 GetCommandLineA
0x140575580 GetCPInfo
0x140575588 GetACP
0x140575590 GetOEMCP
0x140575598 IsValidCodePage
0x1405755a0 EncodePointer
0x1405755a8 DecodePointer
0x1405755b0 FlsGetValue
0x1405755b8 FlsFree
0x1405755c0 SetLastError
0x1405755c8 FlsAlloc
0x1405755d0 UnhandledExceptionFilter
0x1405755d8 SetUnhandledExceptionFilter
0x1405755e0 IsDebuggerPresent
0x1405755e8 RtlVirtualUnwind
0x1405755f0 RtlLookupFunctionEntry
0x1405755f8 RtlCaptureContext
0x140575600 RaiseException
0x140575608 RtlPcToFileHeader
0x140575610 RtlUnwindEx
0x140575618 LCMapStringA
0x140575620 LCMapStringW
0x140575628 SetHandleCount
0x140575630 GetStdHandle
0x140575638 GetFileType
0x140575640 GetStartupInfoA
0x140575648 GetModuleFileNameA
0x140575650 FreeEnvironmentStringsA
0x140575658 GetEnvironmentStrings
0x140575660 FreeEnvironmentStringsW
0x140575668 GetEnvironmentStringsW
0x140575670 HeapSetInformation
0x140575678 HeapCreate
0x140575680 HeapDestroy
0x140575688 QueryPerformanceCounter
0x140575690 GetStringTypeA
0x140575698 GetStringTypeW
0x1405756a0 GetLocaleInfoA
0x1405756a8 HeapSize
0x1405756b0 WriteFile
0x1405756b8 SetFilePointer
0x1405756c0 GetConsoleCP
0x1405756c8 GetConsoleMode
0x1405756d0 HeapReAlloc
0x1405756d8 InitializeCriticalSectionAndSpinCount
0x1405756e0 SetStdHandle
0x1405756e8 WriteConsoleA
0x1405756f0 GetConsoleOutputCP
0x1405756f8 WriteConsoleW
0x140575700 CreateFileA
EAT(Export Address Table) is none
KERNEL32.dll
0x140575000 Process32NextW
0x140575008 GlobalSize
0x140575010 GetSystemDirectoryA
0x140575018 GlobalAlloc
0x140575020 Process32FirstW
0x140575028 CloseHandle
0x140575030 GlobalLock
0x140575038 GlobalUnlock
0x140575040 WriteConsoleW
0x140575048 HeapSize
0x140575050 GetProcessHeap
0x140575058 SetStdHandle
0x140575060 SetEnvironmentVariableW
0x140575068 FreeEnvironmentStringsW
0x140575070 GetEnvironmentStringsW
0x140575078 GetLastError
0x140575080 Sleep
0x140575088 CreateToolhelp32Snapshot
0x140575090 CreateMutexA
0x140575098 VirtualAlloc
0x1405750a0 WinExec
0x1405750a8 GetModuleFileNameA
0x1405750b0 MultiByteToWideChar
0x1405750b8 LocalFree
0x1405750c0 FormatMessageA
0x1405750c8 CreateDirectoryW
0x1405750d0 CreateFileW
0x1405750d8 FindClose
0x1405750e0 FindFirstFileExW
0x1405750e8 FindNextFileW
0x1405750f0 SetEndOfFile
0x1405750f8 SetFilePointerEx
0x140575100 AreFileApisANSI
0x140575108 WideCharToMultiByte
0x140575110 GetStringTypeW
0x140575118 LCMapStringEx
0x140575120 EnterCriticalSection
0x140575128 LeaveCriticalSection
0x140575130 InitializeCriticalSectionEx
0x140575138 DeleteCriticalSection
0x140575140 EncodePointer
0x140575148 DecodePointer
0x140575150 CompareStringEx
0x140575158 GetCPInfo
0x140575160 QueryPerformanceCounter
0x140575168 GetCurrentProcessId
0x140575170 GetCurrentThreadId
0x140575178 GetSystemTimeAsFileTime
0x140575180 InitializeSListHead
0x140575188 RtlCaptureContext
0x140575190 RtlLookupFunctionEntry
0x140575198 RtlVirtualUnwind
0x1405751a0 IsDebuggerPresent
0x1405751a8 UnhandledExceptionFilter
0x1405751b0 SetUnhandledExceptionFilter
0x1405751b8 GetStartupInfoW
0x1405751c0 IsProcessorFeaturePresent
0x1405751c8 GetModuleHandleW
0x1405751d0 GetCurrentProcess
0x1405751d8 TerminateProcess
0x1405751e0 RtlUnwindEx
0x1405751e8 RtlPcToFileHeader
0x1405751f0 RaiseException
0x1405751f8 SetLastError
0x140575200 InitializeCriticalSectionAndSpinCount
0x140575208 TlsAlloc
0x140575210 TlsGetValue
0x140575218 TlsSetValue
0x140575220 TlsFree
0x140575228 FreeLibrary
0x140575230 GetProcAddress
0x140575238 LoadLibraryExW
0x140575240 ReadFile
0x140575248 ExitProcess
0x140575250 GetModuleHandleExW
0x140575258 GetStdHandle
0x140575260 WriteFile
0x140575268 GetModuleFileNameW
0x140575270 GetCommandLineA
0x140575278 GetCommandLineW
0x140575280 GetConsoleMode
0x140575288 ReadConsoleW
0x140575290 GetFileType
0x140575298 GetFileSizeEx
0x1405752a0 FlushFileBuffers
0x1405752a8 GetConsoleOutputCP
0x1405752b0 HeapFree
0x1405752b8 HeapReAlloc
0x1405752c0 HeapAlloc
0x1405752c8 FlsAlloc
0x1405752d0 FlsGetValue
0x1405752d8 FlsSetValue
0x1405752e0 FlsFree
0x1405752e8 CompareStringW
0x1405752f0 LCMapStringW
0x1405752f8 GetLocaleInfoW
0x140575300 IsValidLocale
0x140575308 GetUserDefaultLCID
0x140575310 EnumSystemLocalesW
0x140575318 IsValidCodePage
0x140575320 GetACP
0x140575328 GetOEMCP
0x140575330 RtlUnwind
USER32.dll
0x140575340 EmptyClipboard
0x140575348 GetClipboardData
0x140575350 SetClipboardData
0x140575358 CloseClipboard
0x140575360 OpenClipboard
ADVAPI32.dll
0x140575370 RegQueryInfoKeyW
0x140575378 RegCreateKeyExA
0x140575380 RegSetValueExA
0x140575388 RegOpenKeyExA
0x140575390 RegEnumKeyExA
0x140575398 RegCloseKey
KERNEL32.dll
0x1405753a8 GetSystemTimeAsFileTime
0x1405753b0 CreateEventA
0x1405753b8 GetModuleHandleA
0x1405753c0 TerminateProcess
0x1405753c8 GetCurrentProcess
0x1405753d0 CreateToolhelp32Snapshot
0x1405753d8 Thread32First
0x1405753e0 GetCurrentProcessId
0x1405753e8 GetCurrentThreadId
0x1405753f0 OpenThread
0x1405753f8 Thread32Next
0x140575400 CloseHandle
0x140575408 SuspendThread
0x140575410 ResumeThread
0x140575418 WriteProcessMemory
0x140575420 GetSystemInfo
0x140575428 VirtualAlloc
0x140575430 VirtualProtect
0x140575438 VirtualFree
0x140575440 GetProcessAffinityMask
0x140575448 SetProcessAffinityMask
0x140575450 GetCurrentThread
0x140575458 SetThreadAffinityMask
0x140575460 Sleep
0x140575468 LoadLibraryA
0x140575470 FreeLibrary
0x140575478 GetTickCount
0x140575480 SystemTimeToFileTime
0x140575488 FileTimeToSystemTime
0x140575490 GlobalFree
0x140575498 HeapAlloc
0x1405754a0 HeapFree
0x1405754a8 GetProcAddress
0x1405754b0 ExitProcess
0x1405754b8 EnterCriticalSection
0x1405754c0 LeaveCriticalSection
0x1405754c8 InitializeCriticalSection
0x1405754d0 DeleteCriticalSection
0x1405754d8 MultiByteToWideChar
0x1405754e0 GetModuleHandleW
0x1405754e8 LoadResource
0x1405754f0 FindResourceExW
0x1405754f8 FindResourceExA
0x140575500 WideCharToMultiByte
0x140575508 GetThreadLocale
0x140575510 GetUserDefaultLCID
0x140575518 GetSystemDefaultLCID
0x140575520 EnumResourceNamesA
0x140575528 EnumResourceNamesW
0x140575530 EnumResourceLanguagesA
0x140575538 EnumResourceLanguagesW
0x140575540 EnumResourceTypesA
0x140575548 EnumResourceTypesW
0x140575550 CreateFileW
0x140575558 LoadLibraryW
0x140575560 GetLastError
0x140575568 FlushFileBuffers
0x140575570 FlsSetValue
0x140575578 GetCommandLineA
0x140575580 GetCPInfo
0x140575588 GetACP
0x140575590 GetOEMCP
0x140575598 IsValidCodePage
0x1405755a0 EncodePointer
0x1405755a8 DecodePointer
0x1405755b0 FlsGetValue
0x1405755b8 FlsFree
0x1405755c0 SetLastError
0x1405755c8 FlsAlloc
0x1405755d0 UnhandledExceptionFilter
0x1405755d8 SetUnhandledExceptionFilter
0x1405755e0 IsDebuggerPresent
0x1405755e8 RtlVirtualUnwind
0x1405755f0 RtlLookupFunctionEntry
0x1405755f8 RtlCaptureContext
0x140575600 RaiseException
0x140575608 RtlPcToFileHeader
0x140575610 RtlUnwindEx
0x140575618 LCMapStringA
0x140575620 LCMapStringW
0x140575628 SetHandleCount
0x140575630 GetStdHandle
0x140575638 GetFileType
0x140575640 GetStartupInfoA
0x140575648 GetModuleFileNameA
0x140575650 FreeEnvironmentStringsA
0x140575658 GetEnvironmentStrings
0x140575660 FreeEnvironmentStringsW
0x140575668 GetEnvironmentStringsW
0x140575670 HeapSetInformation
0x140575678 HeapCreate
0x140575680 HeapDestroy
0x140575688 QueryPerformanceCounter
0x140575690 GetStringTypeA
0x140575698 GetStringTypeW
0x1405756a0 GetLocaleInfoA
0x1405756a8 HeapSize
0x1405756b0 WriteFile
0x1405756b8 SetFilePointer
0x1405756c0 GetConsoleCP
0x1405756c8 GetConsoleMode
0x1405756d0 HeapReAlloc
0x1405756d8 InitializeCriticalSectionAndSpinCount
0x1405756e0 SetStdHandle
0x1405756e8 WriteConsoleA
0x1405756f0 GetConsoleOutputCP
0x1405756f8 WriteConsoleW
0x140575700 CreateFileA
EAT(Export Address Table) is none