clip.dll

First submission 2024-10-16 23:00:02 Last submission 2024-10-16 23:15:02

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 127.5 KB (130560 bytes)
Compile time: 2024-09-03 21:59:32
MD5: bd38b3834594180499a656b6cf3dfab0
SHA1: 5212c8372d1f205a5bc59e03e752fcfd48f5c1b2
SHA256: 1a085e145268798a5d9cb955eb3ab785b76e5c1aef2ff60fed45d81fcb8e2421
Import Hash : 61d6334c6ae4948c906d9fa7fdf019fa
Sections 5 .text .rdata .data .rsrc .reloc
Directories 5 import export resource debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 54/77 VT report date: 2024-10-16 22:38:27
Malware Type 2 trojan spyware
Threat Type 3 clipbanker zusy amadey

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://specificsecurity.ru/NfjxzZz9jn/Plugins/clip.dll specificsecurity.ru 2024-10-16 23:15:07
hXXp://specificsecurity.ru/NfjxzZz9jn/Plugins/clip64.dll specificsecurity.ru 2024-10-16 23:00:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x15196 86528 f0ee6e71b324ef19531c5ce8c3c5bf0d281473ce 3ec71cf22f6d7f2f18527bccb611690c
.rdata 0x17000 0x7514 30208 e1a690793981505152e7a522013ce61e6dbef505 b42bada86ca9934d6fa49bdaa3718996
.data 0x1f000 0x1fec 5120 6eb3ab51a43d826acc2b861a90658128c9aa8f64 47194855062a9f9e40dc0935b821e7d6
.rsrc 0x21000 0xf8 512 556dad6d72965fdf2d4e270faef33671467ab7fa afd41cb39f7e6ea2c4693556d1b1867c
.reloc 0x22000 0x1b74 7168 581776ed8de2dee585d4f2d44d2df3562ad4c895 a006c0a52746f84f06458eecc34a68f4

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x21060 145

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
USER32.dll
WININET.dll
ClipperDLL.dll
KERNEL32.dll

Import functions

PE Exports 3 suspicious

Function Address
??4CClipperDLL@@QAEAAV0@$$QAV0@@Z 0x10001d60
??4CClipperDLL@@QAEAAV0@ABV0@@Z 0x10001d60
Main 0x10005b50

Name Latest seen MD5
clip.dll 2024-07-21 09:04:01 8cfd7419f24c7904d2a71b5ae6ea5daa
clip.dll 2024-07-29 00:11:01 7d257e3bb8441810561e09092162df73
clip64.dll 2024-08-28 07:06:02 babfda6375b07d76f6a46af11bdc3787
clip64.dll 2024-10-16 21:40:02 b7836f044f3f89eff107ee5d2342a9a2
clip.dll 2024-10-16 22:59:02 143a210c0ca4bd09985f12b588663ab4
clip.dll 2024-10-16 22:57:01 9730e0bcf27e4265d1be56b8a7767759
clip64.dll 2024-10-16 23:16:03 b865aac4da61f8cc682d090819d12dd6