ScreenShot
Created | 2023.06.14 19:31 | Machine | s1_win7_x6401 |
Filename | clip64.dll | ||
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 51 detected (NataDecoAAT, Zusy, GenericPMF, S29595454, unsafe, Amadey, V55m, malicious, confidence, 100%, ZedlaF, fu4@aqrRw@ni, GPBN, Attribute, HighConfidence, high confidence, score, Clipper, juivsg, Kryptik, BotX, Generic@AI, RDML, UOvjVOFWo3+5kBV55m4AZg, AGEN, R002C0DF723, FUUW, ejvu, ai score=87, Detected, GdSda, Gencirc) | ||
md5 | 77a6fdd6c731f7da07ffc412c9f17347 | ||
sha256 | 9f564eb9675e6159111b6d0b1ddf6389dc3d93cefd314443bf5a2b7e73c59946 | ||
ssdeep | 1536:Qo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUzKaB89p:QoUCWbBNpplToUs1uNhj25LJUOaB89p | ||
imphash | 52982bbab8b9d5eafbb4ec438626f86a | ||
impfuzzy | 24:ltmS1IYlJnc+MLl3eDorodUSOovbOwZsvwjMfla/lh:ltmS1I2c+MLpXr3RXla/lh |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks if process is being debugged by a debugger |
info | This executable has a PDB path |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1000f000 GlobalAlloc
0x1000f004 GlobalLock
0x1000f008 GlobalUnlock
0x1000f00c WideCharToMultiByte
0x1000f010 Sleep
0x1000f014 WriteConsoleW
0x1000f018 CloseHandle
0x1000f01c CreateFileW
0x1000f020 SetFilePointerEx
0x1000f024 IsProcessorFeaturePresent
0x1000f028 IsDebuggerPresent
0x1000f02c UnhandledExceptionFilter
0x1000f030 SetUnhandledExceptionFilter
0x1000f034 GetStartupInfoW
0x1000f038 GetModuleHandleW
0x1000f03c QueryPerformanceCounter
0x1000f040 GetCurrentProcessId
0x1000f044 GetCurrentThreadId
0x1000f048 GetSystemTimeAsFileTime
0x1000f04c InitializeSListHead
0x1000f050 GetCurrentProcess
0x1000f054 TerminateProcess
0x1000f058 RaiseException
0x1000f05c InterlockedFlushSList
0x1000f060 GetLastError
0x1000f064 SetLastError
0x1000f068 EnterCriticalSection
0x1000f06c LeaveCriticalSection
0x1000f070 DeleteCriticalSection
0x1000f074 RtlUnwind
0x1000f078 InitializeCriticalSectionAndSpinCount
0x1000f07c TlsAlloc
0x1000f080 TlsGetValue
0x1000f084 TlsSetValue
0x1000f088 TlsFree
0x1000f08c FreeLibrary
0x1000f090 GetProcAddress
0x1000f094 LoadLibraryExW
0x1000f098 ExitProcess
0x1000f09c GetModuleHandleExW
0x1000f0a0 GetModuleFileNameW
0x1000f0a4 HeapAlloc
0x1000f0a8 HeapFree
0x1000f0ac FindClose
0x1000f0b0 FindFirstFileExW
0x1000f0b4 FindNextFileW
0x1000f0b8 IsValidCodePage
0x1000f0bc GetACP
0x1000f0c0 GetOEMCP
0x1000f0c4 GetCPInfo
0x1000f0c8 GetCommandLineA
0x1000f0cc GetCommandLineW
0x1000f0d0 MultiByteToWideChar
0x1000f0d4 GetEnvironmentStringsW
0x1000f0d8 FreeEnvironmentStringsW
0x1000f0dc LCMapStringW
0x1000f0e0 GetProcessHeap
0x1000f0e4 GetStdHandle
0x1000f0e8 GetFileType
0x1000f0ec GetStringTypeW
0x1000f0f0 HeapSize
0x1000f0f4 HeapReAlloc
0x1000f0f8 SetStdHandle
0x1000f0fc FlushFileBuffers
0x1000f100 WriteFile
0x1000f104 GetConsoleCP
0x1000f108 GetConsoleMode
0x1000f10c DecodePointer
USER32.dll
0x1000f114 SetClipboardData
0x1000f118 EmptyClipboard
0x1000f11c OpenClipboard
0x1000f120 CloseClipboard
0x1000f124 GetClipboardData
EAT(Export Address Table) Library
0x10001120 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x10001120 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x10003040 Main
KERNEL32.dll
0x1000f000 GlobalAlloc
0x1000f004 GlobalLock
0x1000f008 GlobalUnlock
0x1000f00c WideCharToMultiByte
0x1000f010 Sleep
0x1000f014 WriteConsoleW
0x1000f018 CloseHandle
0x1000f01c CreateFileW
0x1000f020 SetFilePointerEx
0x1000f024 IsProcessorFeaturePresent
0x1000f028 IsDebuggerPresent
0x1000f02c UnhandledExceptionFilter
0x1000f030 SetUnhandledExceptionFilter
0x1000f034 GetStartupInfoW
0x1000f038 GetModuleHandleW
0x1000f03c QueryPerformanceCounter
0x1000f040 GetCurrentProcessId
0x1000f044 GetCurrentThreadId
0x1000f048 GetSystemTimeAsFileTime
0x1000f04c InitializeSListHead
0x1000f050 GetCurrentProcess
0x1000f054 TerminateProcess
0x1000f058 RaiseException
0x1000f05c InterlockedFlushSList
0x1000f060 GetLastError
0x1000f064 SetLastError
0x1000f068 EnterCriticalSection
0x1000f06c LeaveCriticalSection
0x1000f070 DeleteCriticalSection
0x1000f074 RtlUnwind
0x1000f078 InitializeCriticalSectionAndSpinCount
0x1000f07c TlsAlloc
0x1000f080 TlsGetValue
0x1000f084 TlsSetValue
0x1000f088 TlsFree
0x1000f08c FreeLibrary
0x1000f090 GetProcAddress
0x1000f094 LoadLibraryExW
0x1000f098 ExitProcess
0x1000f09c GetModuleHandleExW
0x1000f0a0 GetModuleFileNameW
0x1000f0a4 HeapAlloc
0x1000f0a8 HeapFree
0x1000f0ac FindClose
0x1000f0b0 FindFirstFileExW
0x1000f0b4 FindNextFileW
0x1000f0b8 IsValidCodePage
0x1000f0bc GetACP
0x1000f0c0 GetOEMCP
0x1000f0c4 GetCPInfo
0x1000f0c8 GetCommandLineA
0x1000f0cc GetCommandLineW
0x1000f0d0 MultiByteToWideChar
0x1000f0d4 GetEnvironmentStringsW
0x1000f0d8 FreeEnvironmentStringsW
0x1000f0dc LCMapStringW
0x1000f0e0 GetProcessHeap
0x1000f0e4 GetStdHandle
0x1000f0e8 GetFileType
0x1000f0ec GetStringTypeW
0x1000f0f0 HeapSize
0x1000f0f4 HeapReAlloc
0x1000f0f8 SetStdHandle
0x1000f0fc FlushFileBuffers
0x1000f100 WriteFile
0x1000f104 GetConsoleCP
0x1000f108 GetConsoleMode
0x1000f10c DecodePointer
USER32.dll
0x1000f114 SetClipboardData
0x1000f118 EmptyClipboard
0x1000f11c OpenClipboard
0x1000f120 CloseClipboard
0x1000f124 GetClipboardData
EAT(Export Address Table) Library
0x10001120 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x10001120 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x10003040 Main