Field | Value |
---|---|
Created | 2024.10.17 10:57 |
Machine | s1_win7_x6403 |
Filename | clip.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 54 detected (AIDetectMalware, ClipBanker, Malicious, score, Zusy, Unsafe, V6by, confidence, Attribute, HighConfidence, high confidence, TrojanX, Amadey, SpyBot, kpzgmh, nquGHEI3J2D, xacmi, R002C0DI524, extk, Detected, Malware@#lgt2qxfigjq2, ABPWS, YBKL, Artemis, GdSda, Gencirc) |
md5 | bd38b3834594180499a656b6cf3dfab0 |
sha256 | 1a085e145268798a5d9cb955eb3ab785b76e5c1aef2ff60fed45d81fcb8e2421 |
ssdeep | 3072:T8hfQUx++uUwqUjWkuVPfrHaa/09adnw62xm4+5j:ARQUELNjTuVPTaQwA5j |
imphash | 61d6334c6ae4948c906d9fa7fdf019fa |
impfuzzy | 24:uMUftdS1CMYlJeDc+pl3eDorodUSOovbOwZsvzallZuDu:UtdS1CMbc+ppXr3RzallZx |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
info | Checks if process is being debugged by a debugger |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win_Amadey_Zero | Amadey bot | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata IDs
ET DROP Spamhaus DROP Listed Traffic Inbound group 8
ET DROP Dshield Block Listed Source group 1
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10017000 GlobalAlloc
0x10017004 GlobalLock
0x10017008 GlobalUnlock
0x1001700c WideCharToMultiByte
0x10017010 Sleep
0x10017014 WriteConsoleW
0x10017018 CloseHandle
0x1001701c CreateFileW
0x10017020 SetFilePointerEx
0x10017024 GetConsoleMode
0x10017028 GetConsoleCP
0x1001702c WriteFile
0x10017030 FlushFileBuffers
0x10017034 SetStdHandle
0x10017038 HeapReAlloc
0x1001703c HeapSize
0x10017040 UnhandledExceptionFilter
0x10017044 SetUnhandledExceptionFilter
0x10017048 GetCurrentProcess
0x1001704c TerminateProcess
0x10017050 IsProcessorFeaturePresent
0x10017054 IsDebuggerPresent
0x10017058 GetStartupInfoW
0x1001705c GetModuleHandleW
0x10017060 QueryPerformanceCounter
0x10017064 GetCurrentProcessId
0x10017068 GetCurrentThreadId
0x1001706c GetSystemTimeAsFileTime
0x10017070 InitializeSListHead
0x10017074 RtlUnwind
0x10017078 RaiseException
0x1001707c InterlockedFlushSList
0x10017080 GetLastError
0x10017084 SetLastError
0x10017088 EncodePointer
0x1001708c EnterCriticalSection
0x10017090 LeaveCriticalSection
0x10017094 DeleteCriticalSection
0x10017098 InitializeCriticalSectionAndSpinCount
0x1001709c TlsAlloc
0x100170a0 TlsGetValue
0x100170a4 TlsSetValue
0x100170a8 TlsFree
0x100170ac FreeLibrary
0x100170b0 GetProcAddress
0x100170b4 LoadLibraryExW
0x100170b8 ExitProcess
0x100170bc GetModuleHandleExW
0x100170c0 GetModuleFileNameW
0x100170c4 HeapAlloc
0x100170c8 HeapFree
0x100170cc FindClose
0x100170d0 FindFirstFileExW
0x100170d4 FindNextFileW
0x100170d8 IsValidCodePage
0x100170dc GetACP
0x100170e0 GetOEMCP
0x100170e4 GetCPInfo
0x100170e8 GetCommandLineA
0x100170ec GetCommandLineW
0x100170f0 MultiByteToWideChar
0x100170f4 GetEnvironmentStringsW
0x100170f8 FreeEnvironmentStringsW
0x100170fc LCMapStringW
0x10017100 GetProcessHeap
0x10017104 GetStdHandle
0x10017108 GetFileType
0x1001710c GetStringTypeW
0x10017110 DecodePointer
USER32.dll
0x10017118 EmptyClipboard
0x1001711c SetClipboardData
0x10017120 CloseClipboard
0x10017124 GetClipboardData
0x10017128 OpenClipboard
WININET.dll
0x10017130 InternetOpenW
0x10017134 InternetConnectA
0x10017138 HttpOpenRequestA
0x1001713c HttpSendRequestA
0x10017140 InternetReadFile
0x10017144 InternetCloseHandle
EAT (Export Address Table) Library
0x10001d60 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x10001d60 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x10005b50 Main