| Field | Value |
|---|---|
| Created | 2024.10.27 12:02 |
| Machine | s1_win7_x6403 |
| Filename | clip64.dll |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 45 detected (AIDetectMalware, ClipBanker, Malicious, score, Zusy, Unsafe, Ve25, confidence, Attribute, HighConfidence, high confidence, TrojanX, xbthua, Amadey, CLOUD, Detected, mljfp, ABPWS, MXXF, Artemis, Outbreak, GdSda) |
| md5 | 9fcac34b8162651f29288e1ffff9394d |
| sha256 | 61e770436568881a68dc2c4db3e84f33a89f5d7068f5988582c133cbe7c9519c |
| ssdeep | 3072:odUmIYSBYZuziT7Sgmu1ErYn/YoZ3SNq0l9ZidU1epo:TBY7yASgb1ErY3Z309odUwpo |
| imphash | fdb088ba51afbf555d7a0f495212d8f1 |
| impfuzzy | 24:uMUYtdS1CMYlJeDc+pl3eDorodUSOovbOwZsvzallZuDu:vtdS1CMbc+ppXr3RzallZx |
Network IP location
Signatures (5)
| Level | Description |
|---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks if process is being debugged by a debugger |
Rules (8)
| Level | Name | Description | Collection |
|---|---|---|---|
danger | Win_Amadey_Zero | Amadey bot | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10016000 GlobalAlloc
0x10016004 GlobalLock
0x10016008 GlobalUnlock
0x1001600c WideCharToMultiByte
0x10016010 Sleep
0x10016014 WriteConsoleW
0x10016018 CloseHandle
0x1001601c CreateFileW
0x10016020 SetFilePointerEx
0x10016024 GetConsoleMode
0x10016028 GetConsoleOutputCP
0x1001602c WriteFile
0x10016030 FlushFileBuffers
0x10016034 SetStdHandle
0x10016038 HeapReAlloc
0x1001603c HeapSize
0x10016040 UnhandledExceptionFilter
0x10016044 SetUnhandledExceptionFilter
0x10016048 GetCurrentProcess
0x1001604c TerminateProcess
0x10016050 IsProcessorFeaturePresent
0x10016054 IsDebuggerPresent
0x10016058 GetStartupInfoW
0x1001605c GetModuleHandleW
0x10016060 QueryPerformanceCounter
0x10016064 GetCurrentProcessId
0x10016068 GetCurrentThreadId
0x1001606c GetSystemTimeAsFileTime
0x10016070 InitializeSListHead
0x10016074 RtlUnwind
0x10016078 RaiseException
0x1001607c InterlockedFlushSList
0x10016080 GetLastError
0x10016084 SetLastError
0x10016088 EncodePointer
0x1001608c EnterCriticalSection
0x10016090 LeaveCriticalSection
0x10016094 DeleteCriticalSection
0x10016098 InitializeCriticalSectionAndSpinCount
0x1001609c TlsAlloc
0x100160a0 TlsGetValue
0x100160a4 TlsSetValue
0x100160a8 TlsFree
0x100160ac FreeLibrary
0x100160b0 GetProcAddress
0x100160b4 LoadLibraryExW
0x100160b8 ExitProcess
0x100160bc GetModuleHandleExW
0x100160c0 GetModuleFileNameW
0x100160c4 HeapAlloc
0x100160c8 HeapFree
0x100160cc FindClose
0x100160d0 FindFirstFileExW
0x100160d4 FindNextFileW
0x100160d8 IsValidCodePage
0x100160dc GetACP
0x100160e0 GetOEMCP
0x100160e4 GetCPInfo
0x100160e8 GetCommandLineA
0x100160ec GetCommandLineW
0x100160f0 MultiByteToWideChar
0x100160f4 GetEnvironmentStringsW
0x100160f8 FreeEnvironmentStringsW
0x100160fc LCMapStringW
0x10016100 GetProcessHeap
0x10016104 GetStdHandle
0x10016108 GetFileType
0x1001610c GetStringTypeW
0x10016110 DecodePointer
USER32.dll
0x10016118 EmptyClipboard
0x1001611c SetClipboardData
0x10016120 CloseClipboard
0x10016124 GetClipboardData
0x10016128 OpenClipboard
WININET.dll
0x10016130 InternetOpenW
0x10016134 InternetConnectA
0x10016138 HttpOpenRequestA
0x1001613c HttpSendRequestA
0x10016140 InternetReadFile
0x10016144 InternetCloseHandle
EAT (Export Address Table) Library
0x10001d60 ??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
0x10001d60 ??4CClipperDLL@@QAEAAV0@ABV0@@Z
0x100059a0 Main