Backdoor.MSIL.ClipBanker.RM
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 9,952 |
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 66 |
| First Seen: | December 18, 2023 |
| Last Seen: | April 6, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Backdoor.MSIL.ClipBanker.RM |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
206ea37582a69dc9007321a1f65d4749
SHA1:
7ba3c754ca27a15234f6089c829a243909a1811c
SHA256:
FF628D11B26A54A29D611E398BE6867A71BA5D73AEBDA7AB9C3A0E81DFFE9641
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
19d89810a8d83a38b3f9fb5b9298bf91
SHA1:
5ba861ac9ace7d724482effc16f324b6ffe04a3a
SHA256:
1C534639B082F51B7900F3A072F04768C3771C3293DE335A2C6542294611AC86
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
e5000a9bc0d05c85180a53324aff82ba
SHA1:
33db58ae9b9be062e726de5c9f8fcea1e2f8d889
SHA256:
1DE02AE16A1BF1AE091C1FAF4F32608C5479B49C4A4BB0770A8819765F4CABD9
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
1047559e048d8b91c038bb59b8002c9e
SHA1:
15c03c4bbbde99aa8d01f8eec1259b074b676182
SHA256:
0CFC3FBD6400478DF6EC8B8571C6CD3021961AE9717100219FB65DE8E1654C87
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
53340065e77a8d3034de1200e8c3612f
SHA1:
e7b184335efe9773e2751d14b67b637f8d085fde
SHA256:
813999EF5498422601D475D8058F81BA4CECE8A9403274A2F5AE007C8E398E76
File Size:
280.06 KB, 280064 bytes
|
Show More
|
MD5:
48174358e9f20d97274932936f1ab607
SHA1:
495904a0dffab49be0fcf908b3b76a5f69384acf
SHA256:
72F4BDE995A717E9BC69F626DE92005A40AEB30CD2632CBE79BC7D7319804064
File Size:
281.09 KB, 281088 bytes
|
|
MD5:
5584332cc74e586abc50fb837faf77e3
SHA1:
f823b3521af7adb96041d462c7de58c9f900440c
SHA256:
414BE8B08CFA0D07D6A526CCAA235B38317A6D97A95C8CD7789EE95791546C09
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
89aa15035ec7ad2fadf92706ead0bf6c
SHA1:
73a16bad07d99d2f34517a72e022c1ce95d4bdec
SHA256:
73EACD5424BBD936FA1FB38BF189D69044E6B3A406E48453B92817842B0FCE46
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
617ba20ac33f5183b41a0daa13235e5f
SHA1:
ed89613ba274ac7948513f3030164943d7a8239d
SHA256:
184B424C333F3502103BED3BF21E540C9DF65C6170876D8A6CDFDDAEDDC4EF7A
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
6cc196b62da2233b431c88717be9d422
SHA1:
fe6c4b2471818389b1a5f291013674cc249e903d
SHA256:
A9EE96E9DD00B9AEBD7915028E9607DD0F4B00D420C40583AEFBCB4D2B88E48E
File Size:
278.53 KB, 278528 bytes
|
|
MD5:
e512709ebd244c5811faaffb761c5f75
SHA1:
3eee742b8ffc62c86f19c27f2a9daaf2ea4f0741
SHA256:
D69C575128E357CB944DE28DCCA077AE08E12AB1CAEC8A5E13B7DD329B6B9702
File Size:
280.06 KB, 280064 bytes
|
|
MD5:
e07d1ddf091bbf278bf5b2a5d5a402a3
SHA1:
5304a207c8957ea8e2716e98f68b75d81e32efa8
SHA256:
DAC83494C4614EABBE1D7E6EDD3205896A6FAC51C8E5864C6200992C933502E5
File Size:
278.53 KB, 278528 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 575 |
|---|---|
| Potentially Malicious Blocks: | 28 |
| Whitelisted Blocks: | 546 |
| Unknown Blocks: | 1 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
x
x
0
x
0
0
0
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
x
x
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
x
0
0
x
0
0
x
x
x
x
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- MSIL.ClipBanker.BMB
- MSIL.ClipBanker.FD
- MSIL.ClipBanker.FE
- MSIL.ClipBanker.RM
- MSIL.ClipBanker.RMA
Show More
- MSIL.ClipBanker.RMB
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| User Data Access |
|
