Threat Database Backdoors Backdoor.MSIL.ClipBanker.RM

Backdoor.MSIL.ClipBanker.RM

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 9,952
Threat Level: 60 % (Medium)
Infected Computers: 66
First Seen: December 18, 2023
Last Seen: April 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.MSIL.ClipBanker.RM
Signature status: No Signature

Known Samples

MD5: 206ea37582a69dc9007321a1f65d4749
SHA1: 7ba3c754ca27a15234f6089c829a243909a1811c
SHA256: FF628D11B26A54A29D611E398BE6867A71BA5D73AEBDA7AB9C3A0E81DFFE9641
File Size: 278.53 KB, 278528 bytes
MD5: 19d89810a8d83a38b3f9fb5b9298bf91
SHA1: 5ba861ac9ace7d724482effc16f324b6ffe04a3a
SHA256: 1C534639B082F51B7900F3A072F04768C3771C3293DE335A2C6542294611AC86
File Size: 278.53 KB, 278528 bytes
MD5: e5000a9bc0d05c85180a53324aff82ba
SHA1: 33db58ae9b9be062e726de5c9f8fcea1e2f8d889
SHA256: 1DE02AE16A1BF1AE091C1FAF4F32608C5479B49C4A4BB0770A8819765F4CABD9
File Size: 278.53 KB, 278528 bytes
MD5: 1047559e048d8b91c038bb59b8002c9e
SHA1: 15c03c4bbbde99aa8d01f8eec1259b074b676182
SHA256: 0CFC3FBD6400478DF6EC8B8571C6CD3021961AE9717100219FB65DE8E1654C87
File Size: 278.53 KB, 278528 bytes
MD5: 53340065e77a8d3034de1200e8c3612f
SHA1: e7b184335efe9773e2751d14b67b637f8d085fde
SHA256: 813999EF5498422601D475D8058F81BA4CECE8A9403274A2F5AE007C8E398E76
File Size: 280.06 KB, 280064 bytes
Show More
MD5: 48174358e9f20d97274932936f1ab607
SHA1: 495904a0dffab49be0fcf908b3b76a5f69384acf
SHA256: 72F4BDE995A717E9BC69F626DE92005A40AEB30CD2632CBE79BC7D7319804064
File Size: 281.09 KB, 281088 bytes
MD5: 5584332cc74e586abc50fb837faf77e3
SHA1: f823b3521af7adb96041d462c7de58c9f900440c
SHA256: 414BE8B08CFA0D07D6A526CCAA235B38317A6D97A95C8CD7789EE95791546C09
File Size: 278.53 KB, 278528 bytes
MD5: 89aa15035ec7ad2fadf92706ead0bf6c
SHA1: 73a16bad07d99d2f34517a72e022c1ce95d4bdec
SHA256: 73EACD5424BBD936FA1FB38BF189D69044E6B3A406E48453B92817842B0FCE46
File Size: 278.53 KB, 278528 bytes
MD5: 617ba20ac33f5183b41a0daa13235e5f
SHA1: ed89613ba274ac7948513f3030164943d7a8239d
SHA256: 184B424C333F3502103BED3BF21E540C9DF65C6170876D8A6CDFDDAEDDC4EF7A
File Size: 278.53 KB, 278528 bytes
MD5: 6cc196b62da2233b431c88717be9d422
SHA1: fe6c4b2471818389b1a5f291013674cc249e903d
SHA256: A9EE96E9DD00B9AEBD7915028E9607DD0F4B00D420C40583AEFBCB4D2B88E48E
File Size: 278.53 KB, 278528 bytes
MD5: e512709ebd244c5811faaffb761c5f75
SHA1: 3eee742b8ffc62c86f19c27f2a9daaf2ea4f0741
SHA256: D69C575128E357CB944DE28DCCA077AE08E12AB1CAEC8A5E13B7DD329B6B9702
File Size: 280.06 KB, 280064 bytes
MD5: e07d1ddf091bbf278bf5b2a5d5a402a3
SHA1: 5304a207c8957ea8e2716e98f68b75d81e32efa8
SHA256: DAC83494C4614EABBE1D7E6EDD3205896A6FAC51C8E5864C6200992C933502E5
File Size: 278.53 KB, 278528 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • .NET
  • No Version Info
  • x86

Block Information

Total Blocks: 575
Potentially Malicious Blocks: 28
Whitelisted Blocks: 546
Unknown Blocks: 1

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 x 0 0 x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.ClipBanker.BMB
  • MSIL.ClipBanker.FD
  • MSIL.ClipBanker.FE
  • MSIL.ClipBanker.RM
  • MSIL.ClipBanker.RMA
Show More
  • MSIL.ClipBanker.RMB

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
Show More
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation

Trending

Most Viewed

Loading...