Backdoor.MSIL.ClipBanker.RV
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 14,612 |
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 115 |
| First Seen: | March 10, 2024 |
| Last Seen: | March 21, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Backdoor.MSIL.ClipBanker.RV |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
78d6f08a8d8eddf7d3d71b40114233ad
SHA1:
302689e468e2895edf68432621d3a181d4dc452b
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
eb39231f186458052770a3652ec35593
SHA1:
5c07da3ad4bdc10d71ce9d3beaddc8d4a557f8ab
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
803d90052e35fb4ee6c1a177acb8f4c9
SHA1:
e107e3057331fe81879031690bd10153fae8e2f0
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
ac950af65a9efe50e10a9e353d9c7508
SHA1:
13a22ac1066541277d75a93142b83f046caf3730
SHA256:
5C061CFBB6DD6F5C98AB6937E27B6E5E1AC65AD8087C00E88B07BA4B98AFD48E
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
986d4741874e96007def0bcd16fbbe78
SHA1:
4ca2c1ae7a90ee1f63e424abfe434dafc8a7e424
SHA256:
489EAC4D5C54EDB711529E1E77A970A2B21594F7FF77700AF95A3BC03A5F6622
File Size:
146.94 KB, 146944 bytes
|
Show More
|
MD5:
c2d5129464b6ab88c3d2b0b75c3a6699
SHA1:
49fa804b8dc97f4b6c028547f39500dadfebcf72
SHA256:
C8E02C6CA5AA318D72561E6F3D0282FC7F5EC41F648608AC45672801BFE2E417
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
3b1832f59e571a45b56b60915b4ac80a
SHA1:
c99b8f57c5b218e086ea7f005033fab02425f76a
SHA256:
D5E6C36CB9E3A440AD1AD2D67BFCAD5E21E3189120CCFA6F340C4158A377776A
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
d2d4428b70204cb715ce26c2a5c377c9
SHA1:
713b8abb4b9c08eaf898d539acdeffe450c665fc
SHA256:
121FD11B0CE33AE34D0767301D7F1286130CEBB44CDD9D17E5A6BA707D7FAF32
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
11f0043803f546bd55b3d1c7c6780e1e
SHA1:
4d38cf5aad48e3ac49f485bd68c59df320bdd44d
SHA256:
A0AEB46C2711DB04C597FE628BDCE444735A3F455D41B01B690FC5BD137AB18E
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
4e77fe09e1cbe0663160415ff8c80c9b
SHA1:
c5381199ba35899afb76598d39d1c394d728fad3
SHA256:
D4A75C0049B81F1261717612443E70745B75EC98DFA29D4797BCC6C6D5A01072
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
12a2ee25e475bbbd23b051474dbcc4ce
SHA1:
a45d58077d81b07dbcd5687d966be7a132b38b5a
SHA256:
4139560FED5419937F62AA7F2DD263BF5487F3043C08D258FADE9A687DCB9FB7
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
2e397815d2ef81d4e38518a9dae4f560
SHA1:
d9d305a97a26fff6d512dfb5fb6923f890a1d39c
SHA256:
24D96A19616CD8271C444193AB82E8270B50534C57A963A548F13008FB809DAE
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
6873c694728eaa592ec0f74b34788b00
SHA1:
65f3e4669269178c133b416d8b2f39d8e7b8abce
SHA256:
0014780C25E69DE46F5064C33916F388036B806DB66B08CDA22958F330BB67BB
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
0c4c53f9dcf0a8a660e3a3bec5599c62
SHA1:
74a35b00d2f91c9bc91a4fc399562e95f3776033
SHA256:
048A073B7141777540D595AA0348015ED2FFBE3761D9E270195802D2FEA34857
File Size:
146.94 KB, 146944 bytes
|
|
MD5:
fabdf687b10dfa34bf7b0004f502c9f2
SHA1:
d0a3baee1eca501d48b6bc585860a864580dd43e
SHA256:
D83B1FF0787614DB66A515CB8023B9A1EC565D648F4497C3C45E03EA844085EE
File Size:
146.94 KB, 146944 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 229 |
|---|---|
| Potentially Malicious Blocks: | 92 |
| Whitelisted Blocks: | 137 |
| Unknown Blocks: | 0 |
Visual Map
0
0
x
0
0
x
0
x
x
0
0
x
0
0
0
0
0
x
x
x
0
0
0
0
0
0
0
0
x
x
x
x
x
x
x
x
x
0
x
x
0
x
0
x
x
x
x
x
x
x
0
0
0
x
x
0
0
0
0
0
x
x
x
x
0
0
0
0
0
0
0
0
0
0
0
x
x
x
x
0
x
x
0
x
0
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
x
x
0
x
x
0
0
x
x
0
x
0
x
x
0
0
0
0
x
0
0
0
0
0
0
0
0
x
x
x
x
x
0
0
0
0
0
0
0
0
x
0
x
0
0
0
x
0
0
0
x
x
x
x
x
0
0
x
x
x
x
x
x
x
0
0
0
0
0
x
x
x
x
0
0
x
0
x
x
0
x
0
0
0
0
x
x
0
x
x
0
x
0
0
0
0
0
0
0
x
x
x
x
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- MSIL.ClipBanker.RV
- MSIL.ClipBanker.VB
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| User Data Access |
|
