ScreenShot
| Created | 2024.09.19 10:02 | Machine | s1_win7_x6403 |
| Filename | clip.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 57 detected (AIDetectMalware, ClipBanker, Malicious, score, Caynamer, Infected, Heur3, FuW@aqmI89fab, Unsafe, Fragtor, Vkaa, confidence, Genus, Attribute, HighConfidence, high confidence, MalwareX, TrojanBanker, CLOUD, rfuqj, AMADEY, YXEINZ, Real Protect, Static AI, Malicious PE, FuW@aqmI89, Detected, Malware@#14lobtiynyuq4, Wacatac, ABTrojan, ZEGB, Artemis, Chgt, Gencirc, susgen, PossibleThreat) | ||
| md5 | 6ca0b0717cfa0684963ff129abb8dce9 | ||
| sha256 | 2500aa539a7a5ae690d830fae6a2b89e26ba536f8751ba554e9f4967d48e6cfa | ||
| ssdeep | 6144:paNY2RhksAZnFcHQgu6NRvBf03SJRvX2CRXZGS9PlUlAREoghgAOAw7hB1:cN5CsIFcHQHGRvVrL99PSoghgKwl | ||
| imphash | 35f27bc0ac1cdb6dacd786947214021f | ||
| impfuzzy | 24:UMUfucHUc+g/JBlvDX7toS1xGha93PtdOovbOTv7yWkjsXLZofAlZalq:lc+0V7toS1xG85tI3zOqZIAlZalq | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x45c000 Sleep
0x45c004 GlobalAlloc
0x45c008 GlobalLock
0x45c00c GlobalUnlock
0x45c010 FlushFileBuffers
0x45c014 SetFilePointerEx
0x45c018 GetConsoleMode
0x45c01c GetConsoleCP
0x45c020 SetStdHandle
0x45c024 SetEnvironmentVariableA
0x45c028 FreeEnvironmentStringsW
0x45c02c GetEnvironmentStringsW
0x45c030 GetOEMCP
0x45c034 IsValidCodePage
0x45c038 EnterCriticalSection
0x45c03c LeaveCriticalSection
0x45c040 DeleteCriticalSection
0x45c044 MultiByteToWideChar
0x45c048 WideCharToMultiByte
0x45c04c EncodePointer
0x45c050 DecodePointer
0x45c054 GetCPInfo
0x45c058 SetLastError
0x45c05c InitializeCriticalSectionAndSpinCount
0x45c060 TlsAlloc
0x45c064 TlsGetValue
0x45c068 TlsSetValue
0x45c06c TlsFree
0x45c070 GetSystemTimeAsFileTime
0x45c074 GetModuleHandleW
0x45c078 GetProcAddress
0x45c07c CompareStringW
0x45c080 LCMapStringW
0x45c084 GetLocaleInfoW
0x45c088 GetStringTypeW
0x45c08c UnhandledExceptionFilter
0x45c090 SetUnhandledExceptionFilter
0x45c094 GetCurrentProcess
0x45c098 TerminateProcess
0x45c09c IsProcessorFeaturePresent
0x45c0a0 IsDebuggerPresent
0x45c0a4 GetStartupInfoW
0x45c0a8 QueryPerformanceCounter
0x45c0ac GetCurrentProcessId
0x45c0b0 GetCurrentThreadId
0x45c0b4 InitializeSListHead
0x45c0b8 RaiseException
0x45c0bc RtlUnwind
0x45c0c0 GetLastError
0x45c0c4 FreeLibrary
0x45c0c8 LoadLibraryExW
0x45c0cc GetModuleFileNameA
0x45c0d0 GetModuleFileNameW
0x45c0d4 GetModuleHandleExW
0x45c0d8 HeapAlloc
0x45c0dc HeapValidate
0x45c0e0 GetSystemInfo
0x45c0e4 ExitProcess
0x45c0e8 GetStdHandle
0x45c0ec WriteFile
0x45c0f0 GetCommandLineA
0x45c0f4 GetCommandLineW
0x45c0f8 GetACP
0x45c0fc GetFileType
0x45c100 OutputDebugStringA
0x45c104 OutputDebugStringW
0x45c108 WriteConsoleW
0x45c10c CloseHandle
0x45c110 WaitForSingleObjectEx
0x45c114 CreateThread
0x45c118 HeapFree
0x45c11c HeapReAlloc
0x45c120 HeapSize
0x45c124 HeapQueryInformation
0x45c128 GetProcessHeap
0x45c12c IsValidLocale
0x45c130 GetUserDefaultLCID
0x45c134 EnumSystemLocalesW
0x45c138 FindClose
0x45c13c FindFirstFileExA
0x45c140 FindNextFileA
0x45c144 CreateFileW
USER32.dll
0x45c14c SetClipboardData
0x45c150 GetClipboardData
0x45c154 EmptyClipboard
0x45c158 CloseClipboard
0x45c15c OpenClipboard
WININET.dll
0x45c164 InternetOpenW
0x45c168 InternetCloseHandle
0x45c16c InternetReadFile
0x45c170 InternetOpenUrlA
EAT(Export Address Table) is none
KERNEL32.dll
0x45c000 Sleep
0x45c004 GlobalAlloc
0x45c008 GlobalLock
0x45c00c GlobalUnlock
0x45c010 FlushFileBuffers
0x45c014 SetFilePointerEx
0x45c018 GetConsoleMode
0x45c01c GetConsoleCP
0x45c020 SetStdHandle
0x45c024 SetEnvironmentVariableA
0x45c028 FreeEnvironmentStringsW
0x45c02c GetEnvironmentStringsW
0x45c030 GetOEMCP
0x45c034 IsValidCodePage
0x45c038 EnterCriticalSection
0x45c03c LeaveCriticalSection
0x45c040 DeleteCriticalSection
0x45c044 MultiByteToWideChar
0x45c048 WideCharToMultiByte
0x45c04c EncodePointer
0x45c050 DecodePointer
0x45c054 GetCPInfo
0x45c058 SetLastError
0x45c05c InitializeCriticalSectionAndSpinCount
0x45c060 TlsAlloc
0x45c064 TlsGetValue
0x45c068 TlsSetValue
0x45c06c TlsFree
0x45c070 GetSystemTimeAsFileTime
0x45c074 GetModuleHandleW
0x45c078 GetProcAddress
0x45c07c CompareStringW
0x45c080 LCMapStringW
0x45c084 GetLocaleInfoW
0x45c088 GetStringTypeW
0x45c08c UnhandledExceptionFilter
0x45c090 SetUnhandledExceptionFilter
0x45c094 GetCurrentProcess
0x45c098 TerminateProcess
0x45c09c IsProcessorFeaturePresent
0x45c0a0 IsDebuggerPresent
0x45c0a4 GetStartupInfoW
0x45c0a8 QueryPerformanceCounter
0x45c0ac GetCurrentProcessId
0x45c0b0 GetCurrentThreadId
0x45c0b4 InitializeSListHead
0x45c0b8 RaiseException
0x45c0bc RtlUnwind
0x45c0c0 GetLastError
0x45c0c4 FreeLibrary
0x45c0c8 LoadLibraryExW
0x45c0cc GetModuleFileNameA
0x45c0d0 GetModuleFileNameW
0x45c0d4 GetModuleHandleExW
0x45c0d8 HeapAlloc
0x45c0dc HeapValidate
0x45c0e0 GetSystemInfo
0x45c0e4 ExitProcess
0x45c0e8 GetStdHandle
0x45c0ec WriteFile
0x45c0f0 GetCommandLineA
0x45c0f4 GetCommandLineW
0x45c0f8 GetACP
0x45c0fc GetFileType
0x45c100 OutputDebugStringA
0x45c104 OutputDebugStringW
0x45c108 WriteConsoleW
0x45c10c CloseHandle
0x45c110 WaitForSingleObjectEx
0x45c114 CreateThread
0x45c118 HeapFree
0x45c11c HeapReAlloc
0x45c120 HeapSize
0x45c124 HeapQueryInformation
0x45c128 GetProcessHeap
0x45c12c IsValidLocale
0x45c130 GetUserDefaultLCID
0x45c134 EnumSystemLocalesW
0x45c138 FindClose
0x45c13c FindFirstFileExA
0x45c140 FindNextFileA
0x45c144 CreateFileW
USER32.dll
0x45c14c SetClipboardData
0x45c150 GetClipboardData
0x45c154 EmptyClipboard
0x45c158 CloseClipboard
0x45c15c OpenClipboard
WININET.dll
0x45c164 InternetOpenW
0x45c168 InternetCloseHandle
0x45c16c InternetReadFile
0x45c170 InternetOpenUrlA
EAT(Export Address Table) is none