Clipper[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Clipper.exe
Size

4.3MB
MD5

6e66601651af795342c1434b54ac36b0
SHA1

686d49503d1411498e082b1d27444dd2ed4a02ed
SHA256

bf15041c53c249182d0865e7c8b11f3ac9fa1fd88554b3467783f38ccaba4d09
SHA512

5b0d11f3e11edea74e7013937835996a3ad87baff827f9d82c7597258497746fa3a5d9df5772b0f4ab49d7a9b73a92e79f06d3b2fdeae3bd47a0fb1fb4528f23
SSDEEP

49152:pKoeEWkh63AxLH2EYrPsQ2ik5qcYSOh9ihToD5uDlw/rZBnzeNYOXycLms2clJg8:Kkyu6RyqfSaCArKp5aIgqSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Clipper.exe

Files

Clipper.exe
.exe windows x64

d0c2308d5e4ee3fdc082e123a573501e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
NtCancelIoFileEx
RtlLookupFunctionEntry
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlCaptureContext

kernel32

ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetCurrentThread
SleepEx
GetFileInformationByHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
WriteFileEx
IsDebuggerPresent
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFileEx
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
SleepConditionVariableSRW
WaitForMultipleObjects
WakeConditionVariable
WakeAllConditionVariable
SetFileCompletionNotificationModes
GetProcAddress
CreateIoCompletionPort
EncodePointer
TryAcquireSRWLockExclusive
InitializeSListHead
RaiseException
GetFinalPathNameByHandleW
SetLastError
GetQueuedCompletionStatusEx
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
GetModuleHandleA
TlsGetValue
IsProcessorFeaturePresent
GetSystemInfo
SwitchToThread
TlsSetValue
HeapReAlloc
PostQueuedCompletionStatus
GetProcessHeap
TerminateProcess
HeapAlloc
GetLastError
SetThreadStackGuarantee
CloseHandle
AddVectoredExceptionHandler
GetExitCodeProcess
WaitForSingleObject
HeapFree
TlsFree
SetHandleInformation
SetUnhandledExceptionFilter
GetOverlappedResult
GetSystemTimeAsFileTime
UnhandledExceptionFilter
LoadLibraryExW

crypt32

CryptUnprotectData
CertOpenStore
CertFreeCertificateChain
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateStore
CertCloseStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy

user32

EnumDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW

ws2_32

socket
WSASend
setsockopt
ioctlsocket
WSASocketW
accept
listen
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
bind
WSAIoctl
closesocket
getsockopt
getsockname
WSAGetLastError
getpeername
shutdown
send

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

advapi32

RegCloseKey
RegQueryValueExW
SystemFunction036
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW

secur32

EncryptMessage
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
ApplyControlToken
FreeContextBuffer
AcquireCredentialsHandleA
DeleteSecurityContext

oleaut32

SysFreeString
VariantClear
SafeArrayDestroy
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
GetDeviceCaps
DeleteDC
CreateDCW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
strcpy_s
strcspn
strcmp
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
_dclass
log

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_set_new_mode
free
malloc
_msize

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_exit
_initialize_onexit_table
exit
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
terminate
abort
_cexit
_seh_filter_exe
_set_app_type
__p___argv
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_get_initial_narrow_environment
_beginthreadex
_initterm
_endthreadex

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0c2308d5e4ee3fdc082e123a573501e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crypt32

user32

ws2_32

bcrypt

advapi32

secur32

oleaut32

gdi32

ole32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 71KB - Virtual size: 70KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 71KB - Virtual size: 70KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 29KB - Virtual size: 28KB