ScreenShot
| Created | 2024.04.20 09:41 | Machine | s1_win7_x6401 |
| Filename | clip64.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (Common, Malicious, score, NetLoader, Zusy, unsafe, Clipbanker, Vtsc, confidence, 100%, Attribute, HighConfidence, high confidence, TrojanX, Amadey, kiiqgo, nquGHEI3J2D, pjgxt, R002C0DC324, evln, Detected, ai score=84, ABPWS, FIWG, ZedlaF, gu4@aymTc2hi, Deyma, GdSda, Gencirc, QzehQKeIan4, susgen) | ||
| md5 | 726cd06231883a159ec1ce28dd538699 | ||
| sha256 | 12fef2d5995d671ec0e91bdbdc91e2b0d3c90ed3a8b2b13ddaa8ad64727dcd46 | ||
| ssdeep | 3072:Q3uSD+ZwruS0bGcuZRt2sSZV/Q3IegRQod4l:AuTiabHuZRAFtlD4l | ||
| imphash | 61d6334c6ae4948c906d9fa7fdf019fa | ||
| impfuzzy | 24:uMUftdS1CMYlJeDc+pl3eDorodUSOovbOwZsvzallZuDu:UtdS1CMbc+ppXr3RzallZx | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| info | Checks if process is being debugged by a debugger |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win_Amadey_Zero | Amadey bot | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10014000 GlobalAlloc
0x10014004 GlobalLock
0x10014008 GlobalUnlock
0x1001400c WideCharToMultiByte
0x10014010 Sleep
0x10014014 WriteConsoleW
0x10014018 CloseHandle
0x1001401c CreateFileW
0x10014020 SetFilePointerEx
0x10014024 GetConsoleMode
0x10014028 GetConsoleCP
0x1001402c WriteFile
0x10014030 FlushFileBuffers
0x10014034 SetStdHandle
0x10014038 HeapReAlloc
0x1001403c HeapSize
0x10014040 UnhandledExceptionFilter
0x10014044 SetUnhandledExceptionFilter
0x10014048 GetCurrentProcess
0x1001404c TerminateProcess
0x10014050 IsProcessorFeaturePresent
0x10014054 IsDebuggerPresent
0x10014058 GetStartupInfoW
0x1001405c GetModuleHandleW
0x10014060 QueryPerformanceCounter
0x10014064 GetCurrentProcessId
0x10014068 GetCurrentThreadId
0x1001406c GetSystemTimeAsFileTime
0x10014070 InitializeSListHead
0x10014074 RtlUnwind
0x10014078 RaiseException
0x1001407c InterlockedFlushSList
0x10014080 GetLastError
0x10014084 SetLastError
0x10014088 EncodePointer
0x1001408c EnterCriticalSection
0x10014090 LeaveCriticalSection
0x10014094 DeleteCriticalSection
0x10014098 InitializeCriticalSectionAndSpinCount
0x1001409c TlsAlloc
0x100140a0 TlsGetValue
0x100140a4 TlsSetValue
0x100140a8 TlsFree
0x100140ac FreeLibrary
0x100140b0 GetProcAddress
0x100140b4 LoadLibraryExW
0x100140b8 ExitProcess
0x100140bc GetModuleHandleExW
0x100140c0 GetModuleFileNameW
0x100140c4 HeapAlloc
0x100140c8 HeapFree
0x100140cc FindClose
0x100140d0 FindFirstFileExW
0x100140d4 FindNextFileW
0x100140d8 IsValidCodePage
0x100140dc GetACP
0x100140e0 GetOEMCP
0x100140e4 GetCPInfo
0x100140e8 GetCommandLineA
0x100140ec GetCommandLineW
0x100140f0 MultiByteToWideChar
0x100140f4 GetEnvironmentStringsW
0x100140f8 FreeEnvironmentStringsW
0x100140fc LCMapStringW
0x10014100 GetProcessHeap
0x10014104 GetStdHandle
0x10014108 GetFileType
0x1001410c GetStringTypeW
0x10014110 DecodePointer
USER32.dll
0x10014118 EmptyClipboard
0x1001411c SetClipboardData
0x10014120 CloseClipboard
0x10014124 GetClipboardData
0x10014128 OpenClipboard
WININET.dll
0x10014130 InternetOpenW
0x10014134 InternetConnectA
0x10014138 HttpOpenRequestA
0x1001413c HttpSendRequestA
0x10014140 InternetReadFile
0x10014144 InternetCloseHandle
EAT(Export Address Table) Library
0x100011a0 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x100011a0 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x10005030 Main
KERNEL32.dll
0x10014000 GlobalAlloc
0x10014004 GlobalLock
0x10014008 GlobalUnlock
0x1001400c WideCharToMultiByte
0x10014010 Sleep
0x10014014 WriteConsoleW
0x10014018 CloseHandle
0x1001401c CreateFileW
0x10014020 SetFilePointerEx
0x10014024 GetConsoleMode
0x10014028 GetConsoleCP
0x1001402c WriteFile
0x10014030 FlushFileBuffers
0x10014034 SetStdHandle
0x10014038 HeapReAlloc
0x1001403c HeapSize
0x10014040 UnhandledExceptionFilter
0x10014044 SetUnhandledExceptionFilter
0x10014048 GetCurrentProcess
0x1001404c TerminateProcess
0x10014050 IsProcessorFeaturePresent
0x10014054 IsDebuggerPresent
0x10014058 GetStartupInfoW
0x1001405c GetModuleHandleW
0x10014060 QueryPerformanceCounter
0x10014064 GetCurrentProcessId
0x10014068 GetCurrentThreadId
0x1001406c GetSystemTimeAsFileTime
0x10014070 InitializeSListHead
0x10014074 RtlUnwind
0x10014078 RaiseException
0x1001407c InterlockedFlushSList
0x10014080 GetLastError
0x10014084 SetLastError
0x10014088 EncodePointer
0x1001408c EnterCriticalSection
0x10014090 LeaveCriticalSection
0x10014094 DeleteCriticalSection
0x10014098 InitializeCriticalSectionAndSpinCount
0x1001409c TlsAlloc
0x100140a0 TlsGetValue
0x100140a4 TlsSetValue
0x100140a8 TlsFree
0x100140ac FreeLibrary
0x100140b0 GetProcAddress
0x100140b4 LoadLibraryExW
0x100140b8 ExitProcess
0x100140bc GetModuleHandleExW
0x100140c0 GetModuleFileNameW
0x100140c4 HeapAlloc
0x100140c8 HeapFree
0x100140cc FindClose
0x100140d0 FindFirstFileExW
0x100140d4 FindNextFileW
0x100140d8 IsValidCodePage
0x100140dc GetACP
0x100140e0 GetOEMCP
0x100140e4 GetCPInfo
0x100140e8 GetCommandLineA
0x100140ec GetCommandLineW
0x100140f0 MultiByteToWideChar
0x100140f4 GetEnvironmentStringsW
0x100140f8 FreeEnvironmentStringsW
0x100140fc LCMapStringW
0x10014100 GetProcessHeap
0x10014104 GetStdHandle
0x10014108 GetFileType
0x1001410c GetStringTypeW
0x10014110 DecodePointer
USER32.dll
0x10014118 EmptyClipboard
0x1001411c SetClipboardData
0x10014120 CloseClipboard
0x10014124 GetClipboardData
0x10014128 OpenClipboard
WININET.dll
0x10014130 InternetOpenW
0x10014134 InternetConnectA
0x10014138 HttpOpenRequestA
0x1001413c HttpSendRequestA
0x10014140 InternetReadFile
0x10014144 InternetCloseHandle
EAT(Export Address Table) Library
0x100011a0 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x100011a0 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x10005030 Main