clip64.dll

First submission 2024-02-11 00:43:02

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 109.5 KB (112128 bytes)
Compile time: 2024-02-10 09:20:17
MD5: dbd964c5bacfeccb4182e6c740f70916
SHA1: e2d3b6d42fd41d890632636cca32d6cb6cdb3d5a
SHA256: 13bad0cbf56b359a0fbe62ea2ea0c2c838e49fa271d7248b2938cb911b9904e0
Import Hash: 61d6334c6ae4948c906d9fa7fdf019fa
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 5 (import, export, resource, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://5.42.64.44/BlsSwk93eX/Plugins/clip64.dll 5.42.64.44 2024-02-11 00:43:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x12296 74752 0ecc3f064594b0ba0bb520f64b840286a78b9e1e b1b600bf9af616efc794a2787b9a9c4f
.rdata 0x14000 0x6834 27136 88821730e55b2825adcb5d1e38bc54e7085d945d 4e8fc2fa0bea3d4b0f1f776f5e4f2f9d
.data 0x1b000 0x171c 3072 2bef35674556f60253c6482b2459c12e7120ca00 94007ac422728e7ded54b927609a22d2
.rsrc 0x1d000 0xf8 512 914726fc4cf8f6c86b752085d02a5fc8ac8e8dd2 9e45e89ccdc9f5c25bc94180fa1f3737
.reloc 0x1e000 0x14bc 5632 641bfd8a7d8f775dff48fbbd0eaf464a4b1aa92b e6a489a1f234acb7b6253056ed20466c

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x1d060 145

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
USER32.dll
WININET.dll
ClipperDLL.dll
KERNEL32.dll

PE Exports 3 suspicious

Function Address
??4CClipperDLL@@QAEAAV0@$$QAV0@@Z 0x100011a0
??4CClipperDLL@@QAEAAV0@ABV0@@Z 0x100011a0
Main 0x10004f90

Name Latest seen MD5
clip64.dll 2024-02-01 07:03:02 858c8921fd045dd5a185cd2135d30ee2
clip64.dll 2024-02-02 10:42:02 154c3f1334dd435f562672f2664fea6b
clip64.dll 2024-02-04 19:44:02 2afdbe3b99a4736083066a13e4b5d11a