clip64.dll

First submission 2024-10-16 21:37:02 Last submission 2024-10-16 21:40:02

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 109.5 KB (112128 bytes)
Compile time: 2024-02-19 22:01:43
MD5: b7836f044f3f89eff107ee5d2342a9a2
SHA1: 3ab02fb0f2bbe2c6843a77350f9cb13525c2f99e
SHA256: d26fcd5a0eebab415e12ecde6af40bf62541a5e9f4322071236354b85acd32da
Import Hash: 61d6334c6ae4948c906d9fa7fdf019fa
Sections 5 .text .rdata .data .rsrc .reloc
Directories 5 import export resource debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 54/79 VT report date: 2024-08-18 15:08:57
Malware Type 1 trojan
Threat Type 3 clipbanker zusy amadey

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://185.11.61.121/h8s9k20gnb2/Plugins/clip64.dll 185.11.61.121 2024-10-16 21:40:05
hXXp://185.11.61.121/h8s9k20gnb2/Plugins/clip.dll 185.11.61.121 2024-10-16 21:37:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x12336 74752 fba6c35cfefefdcac58e21d246c8e9232581547f fbc6579a343e97588566db2c9ca0432b
.rdata 0x14000 0x6934 27136 1b262beec041bd7aa17f34393ff1543f1a912906 bba4bace0824261a9c8770e1ba4f7d87
.data 0x1b000 0x171c 3072 2bef35674556f60253c6482b2459c12e7120ca00 94007ac422728e7ded54b927609a22d2
.rsrc 0x1d000 0xf8 512 914726fc4cf8f6c86b752085d02a5fc8ac8e8dd2 9e45e89ccdc9f5c25bc94180fa1f3737
.reloc 0x1e000 0x14d4 5632 d7e3c487891207850432f3ac1c7bf1cb28c108a1 0d4d48595d91c36c63c2d416d429f9ed

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x1d060 145

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
USER32.dll
WININET.dll
ClipperDLL.dll
KERNEL32.dll

Import functions

PE Exports 3 suspicious

Function Address
??4CClipperDLL@@QAEAAV0@$$QAV0@@Z 0x100011a0
??4CClipperDLL@@QAEAAV0@ABV0@@Z 0x100011a0
Main 0x10005030
Name Latest seen MD5
clip.dll 2024-07-21 09:04:01 8cfd7419f24c7904d2a71b5ae6ea5daa
clip.dll 2024-07-29 00:11:01 7d257e3bb8441810561e09092162df73
clip64.dll 2024-08-28 07:06:02 babfda6375b07d76f6a46af11bdc3787
clip.dll 2024-10-16 22:59:02 143a210c0ca4bd09985f12b588663ab4
clip.dll 2024-10-16 22:57:01 9730e0bcf27e4265d1be56b8a7767759
clip.dll 2024-10-16 23:15:02 bd38b3834594180499a656b6cf3dfab0
clip64.dll 2024-10-16 23:16:03 b865aac4da61f8cc682d090819d12dd6