Field | Value |
---|---|
Created | 2023.10.27 18:04 |
Machine | s1_win7_x6403 |
Filename | clip64.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 49 detected (AIDetectMalware, malicious, high confidence, Zusy, NetLoader, FUUW, Clipper, Amadey, Vh6k, confidence, 100%, Attribute, HighConfidence, AFGA, kcgsdq, UaFrdoZ2D2N, nfeub, R002C0DJL23, Detected, ABRisk, LYRV, score, ZedlaF, gu4@aK0AsCpi, ai score=88, unsafe, GdSda, Gencirc, BotX) |
md5 | ceffd8c6661b875b67ca5e4540950d8b |
sha256 | da0bf5520986c2fb92fa9658ee2fcbb07ee531e09f901f299722c0d14e994ed2 |
ssdeep | 3072:bHEjxEfCk+EeY22JosmvWuQRRIQrT7xUD0YNS60Z:DsqqdLsOWuQRbaHNS60Z |
imphash | 91452bf3259a3ff5928a3bb7f6be301a |
impfuzzy | 24:uMUItmS1IYlJnc+MLl3eDorodUSOovbOwZsvzallZuDu:TtmS1I2c+MLpXr3RzallZx |
Network IP location
Signatures (8 counts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
info | Checks if process is being debugged by a debugger |
info | This executable has a PDB path |
Rules (7 counts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win_Amadey_Zero | Amadey bot | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10012000 GlobalAlloc
0x10012004 GlobalLock
0x10012008 GlobalUnlock
0x1001200c WideCharToMultiByte
0x10012010 Sleep
0x10012014 WriteConsoleW
0x10012018 CloseHandle
0x1001201c CreateFileW
0x10012020 SetFilePointerEx
0x10012024 GetConsoleMode
0x10012028 GetConsoleCP
0x1001202c WriteFile
0x10012030 FlushFileBuffers
0x10012034 SetStdHandle
0x10012038 HeapReAlloc
0x1001203c HeapSize
0x10012040 IsProcessorFeaturePresent
0x10012044 IsDebuggerPresent
0x10012048 UnhandledExceptionFilter
0x1001204c SetUnhandledExceptionFilter
0x10012050 GetStartupInfoW
0x10012054 GetModuleHandleW
0x10012058 QueryPerformanceCounter
0x1001205c GetCurrentProcessId
0x10012060 GetCurrentThreadId
0x10012064 GetSystemTimeAsFileTime
0x10012068 InitializeSListHead
0x1001206c GetCurrentProcess
0x10012070 TerminateProcess
0x10012074 RaiseException
0x10012078 InterlockedFlushSList
0x1001207c GetLastError
0x10012080 SetLastError
0x10012084 EnterCriticalSection
0x10012088 LeaveCriticalSection
0x1001208c DeleteCriticalSection
0x10012090 RtlUnwind
0x10012094 InitializeCriticalSectionAndSpinCount
0x10012098 TlsAlloc
0x1001209c TlsGetValue
0x100120a0 TlsSetValue
0x100120a4 TlsFree
0x100120a8 FreeLibrary
0x100120ac GetProcAddress
0x100120b0 LoadLibraryExW
0x100120b4 ExitProcess
0x100120b8 GetModuleHandleExW
0x100120bc GetModuleFileNameW
0x100120c0 HeapAlloc
0x100120c4 HeapFree
0x100120c8 FindClose
0x100120cc FindFirstFileExW
0x100120d0 FindNextFileW
0x100120d4 IsValidCodePage
0x100120d8 GetACP
0x100120dc GetOEMCP
0x100120e0 GetCPInfo
0x100120e4 GetCommandLineA
0x100120e8 GetCommandLineW
0x100120ec MultiByteToWideChar
0x100120f0 GetEnvironmentStringsW
0x100120f4 FreeEnvironmentStringsW
0x100120f8 LCMapStringW
0x100120fc GetProcessHeap
0x10012100 GetStdHandle
0x10012104 GetFileType
0x10012108 GetStringTypeW
0x1001210c DecodePointer
USER32.dll
0x10012114 EmptyClipboard
0x10012118 SetClipboardData
0x1001211c CloseClipboard
0x10012120 GetClipboardData
0x10012124 OpenClipboard
WININET.dll
0x1001212c InternetOpenW
0x10012130 InternetConnectA
0x10012134 HttpOpenRequestA
0x10012138 HttpSendRequestA
0x1001213c InternetReadFile
0x10012140 InternetCloseHandle
EAT (Export Address Table) Library
0x100011a0 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x100011a0 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x100053f0 Main