clip64.dll

First submission 2024-10-16 23:14:03 Last submission 2024-10-16 23:16:03

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 127.5 KB (130560 bytes)
Compile time: 2024-08-18 09:13:24
MD5: b865aac4da61f8cc682d090819d12dd6
SHA1: f626d2e34d1fad090b3bec8f1851ccf2bf3ebd7d
SHA256: 27a75d2c9b14504bd050efad65a47195ef3d79a8b5f6338c1d022607897b17f3
Import Hash: 61d6334c6ae4948c906d9fa7fdf019fa
Sections 5 .text .rdata .data .rsrc .reloc
Directories 5 import export resource debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 54/77 VT report date: 2024-10-16 22:38:09
Malware Type 2 trojan spyware
Threat Type 3 clipbanker zusy amadey

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://amoamosss.com/Dem7kTu/Plugins/clip64.dll amoamosss.com 2024-10-16 23:16:05
hXXp://amoamosss.com/Dem7kTu/Plugins/clip.dll amoamosss.com 2024-10-16 23:14:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x15196 86528 a226706d03e3b544a2fc8563f843be11874db9b9 4a7a23b4f2e31cba4b61dde618028e54
.rdata 0x17000 0x7484 30208 d705ae1f17cbf516611fc64d0ed6c5f7bc3a7bac 8d11fb02495b46e08b38c32f596061cb
.data 0x1f000 0x1fec 5120 6eb3ab51a43d826acc2b861a90658128c9aa8f64 47194855062a9f9e40dc0935b821e7d6
.rsrc 0x21000 0xf8 512 556dad6d72965fdf2d4e270faef33671467ab7fa afd41cb39f7e6ea2c4693556d1b1867c
.reloc 0x22000 0x1b74 7168 a341b97c54669501d7c1f3153bb8112e91998c0e 198e2af552621b3e5788e524a653b98b

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x21060 145

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
USER32.dll
WININET.dll
ClipperDLL.dll
KERNEL32.dll

Import functions

PE Exports 3 suspicious

Function Address
??4CClipperDLL@@QAEAAV0@$$QAV0@@Z 0x10001d60
??4CClipperDLL@@QAEAAV0@ABV0@@Z 0x10001d60
Main 0x10005b50

Name Latest seen MD5
clip.dll 2024-07-21 09:04:01 8cfd7419f24c7904d2a71b5ae6ea5daa
clip.dll 2024-07-29 00:11:01 7d257e3bb8441810561e09092162df73
clip64.dll 2024-08-28 07:06:02 babfda6375b07d76f6a46af11bdc3787
clip64.dll 2024-10-16 21:40:02 b7836f044f3f89eff107ee5d2342a9a2
clip.dll 2024-10-16 22:59:02 143a210c0ca4bd09985f12b588663ab4
clip.dll 2024-10-16 22:57:01 9730e0bcf27e4265d1be56b8a7767759
clip.dll 2024-10-16 23:15:02 bd38b3834594180499a656b6cf3dfab0