Backdoor.MSIL.ClipBanker.RG
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 9,328 |
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 391 |
| First Seen: | October 8, 2023 |
| Last Seen: | April 4, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Backdoor.MSIL.ClipBanker.RG |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
10832260cead49e61736ebc68766f64b
SHA1:
d459ea6f935e5334c7101f3c0c05d23cbe76bba7
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
729ff7869802f6ccb5c914c9db80be03
SHA1:
7a2827fa51d44d41f0bfad5fd63154a94ffa715b
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
1742e0562e286c3145f63b9dd7c896ab
SHA1:
06cb8c04ab3df383d50d99631f021ff8da42134d
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
04dd7d94439d330b47ebe63e653784d5
SHA1:
d4d349e84e0438de6a20071c5046e612f8166e18
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
141dc1e8b2d7f09d3b71527f9c85c0c9
SHA1:
e8926eb1b49b83032b4a6e28853c8db8db6a032d
File Size:
147.46 KB, 147456 bytes
|
Show More
|
MD5:
f700cb4e5b116b589972559db72b1e1c
SHA1:
3d78900d7621ed96fb7090a057eebc688982d01e
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
40cc9e444b7f9a545330d082abd98991
SHA1:
e394317dd0104e7024b017f6ad6ba9c6dbadb5de
SHA256:
2363DAD8690F21FF5AB30A9C82DD1E8F2A203F63707CFE9DA649D761FEA38898
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
594aecd94c5fec61b737ec1ecc9074cf
SHA1:
c02a6ef8890a996e22a6f97d11dc1ac106c04dc5
SHA256:
952ECC2B448D8D3D6158F1F4700C404BD72F9B1E0C1F11ECE722B77E65DC9905
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
465f67343b0989a445fe3e4821d8c2b3
SHA1:
6d57d4236176277f5595cf7e6c4bb19b4f94b7b7
SHA256:
262D47190431F35CA59A996E0F2BC51553D95EB1027A4B19B4F42F4817FE81DA
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
21b324d6175e63cfc6ca24784e85cd3b
SHA1:
3fda14c839efec1c425bc41995c3dfae07790673
SHA256:
616836AB7174887A63B65D71E98879F1E736F0FD0C46C8D0E80CB3E1237CF603
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
e1a5cd11e5c4f4e03c2d7705879bc786
SHA1:
3783cf34651265eaff8b2af7dafff2091873b3c2
SHA256:
3F782774FA3E9DA243B76F80269E5AD22E982E8CF87F6F6D89F83503B20DEC5C
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
ea63da09070a5f7bf04924d36deabfbb
SHA1:
87658ab8f1d083c6a1fa6c10a97aeec0b011af1e
SHA256:
F35AB5A3D819715AD4638306BBFE7A2E5DFAE08DD27E29035F4F19AA128218D5
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
56d438d6d2394ea1e2d75c0f76e74464
SHA1:
8f727423c44938ee128f242f6d9dcca2b0cfc63e
SHA256:
FFA716B76563CA7AE0BE8ABD25E3F5581D300C51DD73D2FF64AC6BD2B70938FD
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
3ad5b2db485dfcfbd18081d6c06557d7
SHA1:
f860828523bcad28f90e0d5cfbcd268ff69cc022
SHA256:
A9BDA15032FCA18A6FE78228F9839B90106E5CACE0B9D1B87CCC815783145D0B
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
73c43930b330fa3068287e8fe3765c19
SHA1:
1f0007af5574cd8e47996130ba46abc59f4728ce
SHA256:
71B26B66DA30479AA3C04B9893FB7E499B8C3FB60E8B648553B1701214A50F95
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
3c3a56175c38dbbdb684c44590976224
SHA1:
16781e4ab150e331702ece8fae5bf69dee96db63
SHA256:
EFAEA778CA03957EE94C2A46A104BC857695BD1DC4CCCC5BAA19D1E12BA70C65
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
6f1397d9dcaf0fe84445292c1cec3186
SHA1:
b3f6c45a979d4929974c90e0e0f11de6e1dd6bac
SHA256:
F510AF2D6F1A7D7DBEF8946F4EF212A0E8B86AF39C5AAB87D677F63BDFCBB8A5
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
7833c51331e27645ccf42dfbf4563892
SHA1:
787f7c9509d41607022c485c5d49b57a6845bbb3
SHA256:
8018DD77178A15828B654A34E483D4105E868DB27950C5ACD7C82BBD00865E41
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
c263dc583ba7af09048f4f9ee159c74a
SHA1:
ba447348abf7c1f55bdd6dd93c95bb1c990eee45
SHA256:
218E900BB2FCDC97AB0A48E4CCE45BC9F4EE0BB86550A0CB34B0FE18F937E710
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
1857d5d5b91661fbc140fa036be61f0b
SHA1:
685445663abbee7b140ef6d98a4979ff23c626e0
SHA256:
A1F90AC9CA0280D06BA5A8571A6FCDAE0F8C2559FE0BA75ECDCF3AD99F3624DB
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
eec105515ff11fc7ee9037b84b037f94
SHA1:
8a2770322f5b3c43c2f837ba4deb2966e098c243
SHA256:
94E36C4C1587A320803AF3F97AB4178D99E3DBC8F64D22A36F79FA99B1A8225A
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
8f80dac909121b4aa932735d2a4d5ef6
SHA1:
4311eae10ca852c14af0ff225e76e804929b7850
SHA256:
1C6889B3612586AD1E7B17B3C48454F75E17CF27CD8E622AC851E3764ED45324
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
502e05a15e0a9ddc3c70540e806e2aa3
SHA1:
795d26a7131561bd7566dc6ee6501b8c6278830d
SHA256:
F3FD8AD40FD4695139A61A7994428361020199CAC8C3FFE04BE273544F99918F
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
61c7058da74c203b51985ae630dc0ecd
SHA1:
d6bf3c76fcb22a57ccc8d788c13a229d490fa0a9
SHA256:
212B67FB18BA8F778BD00F3940BD11A0A0E75A9710BDE3E76684C9F5815EB73C
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
cf2fe56027dfd45e996980ac2ad2e733
SHA1:
64f86e9d768f8125475e7aabf9c181e1613bc0a8
SHA256:
920A6E107E12EE21DD0FC44BA745418EBACC11AB5B351944136D89AED37CAF1C
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
e060492c7935b73555d6a974b65ae4b7
SHA1:
49dffb8f48797badfc23f292942e8e2f93fd8611
SHA256:
5E2337D2FB84305250982EE7EDBD1739E6CD6BDA1D2DC8D983276822F4A3804D
File Size:
148.48 KB, 148480 bytes
|
|
MD5:
be8443b91fc5229438c613e13211031f
SHA1:
7fc1937f7a0823dc45665ad6306442528c48accb
SHA256:
4BB2D4713C09732C4C9FF92CE14E104C5565C99C9FFEBD7DEFF823CCFAA6DD9D
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
4b4261ff7b621815a5a8982ad58662fe
SHA1:
8077715c62d1c9ece23c90bc083e4af3f6ec9d3d
SHA256:
8B35751594410ABF5A478F1CD8C7BA1CAFB1AF78DDBC2763DF97E05DB687EC8C
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
4ff09481a350e7997d1c6f8dd9aec686
SHA1:
2c5555b3a23a24077247da740bac903533583946
SHA256:
8C9B70595E15EAC483B59A454B00960FBC525C6031D605CC9D717295E791AFEF
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
ca78bf37c22f54d08205b74fcfd16859
SHA1:
c4add55a269710e8e80a15e0583c898167d9e857
SHA256:
C3EDDCBFB0AEEE5A2945B3CB9507435D8983DB75EA0E104914D49193BF98AC52
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
ac2bf1f2f319e022d8bee0aa2c3f9362
SHA1:
9b2c009b9808ff4529ba0c838bf4df3973724c5d
SHA256:
E1DC8D880C40A9C7539EDF951277CC2282ACD8BF55C1DA24C2D1663CBA642AAF
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
bfc92cd509646a128375d3d4a9a0fddf
SHA1:
06c9438583ba2b3d5f1c173ca8e9a6829a7b15e8
SHA256:
E76F60D1CCB00D5168BFFD7267E20B0B8923B4A6E3A1E96915FAE1F121D4E08D
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
0681f6d4b03db13d4756e20248d3dd3d
SHA1:
25b995f4b91d1deed1590c5be83472a20bfd4234
SHA256:
FEC65781C9DD2BF3085CBE78A172D518FD08DE0801C267C047F67B708B234698
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
da76e167d84db6e748668e3ace5f9894
SHA1:
73d2e8379ea431ee5a4b97f92b319d45606930ff
SHA256:
F238A20F4BA99D1EA691C151D765B4331F2059076ACA5D1C4D5A3DCDBF22FB37
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
98b617588f3919f59cf8de638ff89672
SHA1:
7ebce1e0be266978b5c9232eaa7d037cfceae3d5
SHA256:
9CF0183652091C6EAF1D910F0F8C597C1DF4611DD895AED8C54B6EC395AF235B
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
dd0bd6839cad442c184e44ba06a6ca83
SHA1:
f01c5ef786c36349281370ac84e85290f2d8b7f6
SHA256:
F958271ABDAD9CBADB0A9E2779BA2BDE7401DA2FFE0156DBD65289FBAC17C78F
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
b926ce110105576296a210864c3ac616
SHA1:
6cbed474054ac3da9ebae89d064ff51fc43c0d56
SHA256:
9823F12B2D82DB73006CBB0F34A8CECAB5547A316E0C3984D1FDE63E3F52E350
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
0fdf0b8de88fde342562fc5cb70dcf14
SHA1:
b186be4827a52f29848681e7e792fd937d99ebeb
SHA256:
168B34C1C6BF2C93B5536F59FBB214510AD9F8978FFCC52B8D89B34CA3DF0549
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
05eff39b54d89f0e1e302a2ebe9e662f
SHA1:
c9e5ec5c93a908d1148553fcd295667b1d9b22e8
SHA256:
606F70CB56FE56DE6F7AF10D7702B1D3ADE2FA88A3A81BFC984726DC95EBB82F
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
406ebb88d4b8823a24f5b760f42ada13
SHA1:
a4c5ff09e443938b28521b01592fd9d40a0432e4
SHA256:
679389962DFB9749802F5363840F65CB9BBDE17C5C92FE3589B660C01F76E2D7
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
eb7fcdc5068d89aa5f641b8b13c34ead
SHA1:
4535afda64dc9342119ceda584a68eede5036153
SHA256:
CF865F18095C7BD6EA9E8481FFD37A51DF8B93A41FCB5075132932CEB3C85B9A
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
7e0a95f6968e0b84ac209e9c8d0e7e6d
SHA1:
7847f070e5755b3839550e5ab308a02a6d414d9c
SHA256:
1D272A64E55286D39DD04AA59142899F108E1D03CC79B777E3CAA1EE992C740B
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
042e09183116a11f252cf6c1b150c692
SHA1:
d8403813c81fb732eef172481fd112aa0cd3522d
SHA256:
A54722F4F239843608AA4DF7DE864665A35B4A49E7DCB87FEC5A8E4C9DF537A6
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
555a348ca3f5ee3d28eff0a246a9e928
SHA1:
41b058d8b5793d5c5cf28dbecb1da118b27a27de
SHA256:
0101A22C844243CB76588AD68D2F0E47CB539C6ABEB3ED0C56D84BFEE394D692
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
72277fb5bce04e998c61a9fc51e0476e
SHA1:
1f9e6da0af107f2af7270aa91e9d0bc75546bcc7
SHA256:
A1CCC59030E1D64352414B9ECEDB1CE93A3F8582451219C85997BCA9F8B66FC9
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
0d5c7884830b2220b2c4a078bac27649
SHA1:
c24fb0ce1d1f577e36da87c54edf65af49d6726b
SHA256:
B2ACAF3A8DAB6AEEDC94F80530F3960D3F326024517C8AB2A48CA399245A5479
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
1660a2d2b81854becdb38cdfc970357b
SHA1:
acfc65416c178ad4742858ea8ac7165f842bb128
SHA256:
87B00054FEE0A26C6C1ADE82A94EEBF3E3208822381E3828FA7144ACF38F6F0B
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
5808a6643139327efcfe03ce57ad4b27
SHA1:
36dfe584afed520bcd815ae2d2d168e6e780d6cf
SHA256:
C2CAB78F8D1EEA58D6FC98ED26E8FB7C17AE15C14C45E599F3E320569D3CD1CC
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
8124821a72c59f4dd20b8244e67f95c2
SHA1:
b8e2ea37dcc62326fcfa3a1b5372373c2a6686bb
SHA256:
28A31CEC7CA79BBAAE182A6E37B6B0AF70CD14B4BF598EA9C2B892F763C070D4
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
ecd842cae138b2c461b463e9e3f267e2
SHA1:
f5daa35805da2d6edae01a22be246dd730251179
SHA256:
84971871E9957570BE6F161CC99DE255BA7F9265B93D0C26212217B1BD382AC1
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
c9bf64edfbc73b4b53472c3d1ef1bc47
SHA1:
0819963a8e6a02883dcc5cdd3d61bc70c5e230fe
SHA256:
3C3AA07F7F184F610F2D45D73DB050F5ECD864CF231BAE619A9B89E216DF2E98
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
bee6c7e031db7667d4b70029103f16cb
SHA1:
7b4f377caf01ad58ef3b472751d79766fa42fca2
SHA256:
4601995F4129118FD81B157309D477366E291C5F2E0AEAD5B75636C140872A55
File Size:
148.48 KB, 148480 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 192 |
|---|---|
| Potentially Malicious Blocks: | 3 |
| Whitelisted Blocks: | 189 |
| Unknown Blocks: | 0 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- MSIL.ClipBanker.HB
- MSIL.ClipBanker.KB
- MSIL.ClipBanker.RE
- MSIL.ClipBanker.RG
- MSIL.ClipBanker.RR
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| User Data Access |
|
