Backdoor.MSIL.ClipBanker.TI
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 16,740 |
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 98 |
| First Seen: | September 1, 2023 |
| Last Seen: | April 7, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Backdoor.MSIL.ClipBanker.TI |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
0268dfe672eedc503f834cc8d3d55bcd
SHA1:
68c52c21c2a40200d1e07f6a341d077ea5689a38
SHA256:
F6F62865694D61C67B21D41C31FB1E8CFF82D391EF45850DAB140CF9A444F076
File Size:
284.67 KB, 284672 bytes
|
|
MD5:
4548f97a22a80969b19b4e73285adf52
SHA1:
72db5023730d25c2e6b9a91245a9558b1ba1bb20
SHA256:
3F3881FCE528052786B7ED0B22017E3D878ECAAAB2CBAA83C20047F5179DF01F
File Size:
284.67 KB, 284672 bytes
|
|
MD5:
074328c98f5429327684bf5a909d6c45
SHA1:
087139706db5e3d598c60aa2574207eb43ed738d
SHA256:
1BE11B49E97D9FA1C84D81E4980455E6149170FAEB6D7A3D1BECE3E9167B95FA
File Size:
284.67 KB, 284672 bytes
|
|
MD5:
5effaabe0e7550dec1b98fd78b5c64d6
SHA1:
65ea4b334453e047ddfa6dedac6264eafc95c802
SHA256:
64FE473CD07EB4114C39D2B8A6A5ACC825276DC027BF3A27AB13EB7BD4ACF20C
File Size:
284.67 KB, 284672 bytes
|
|
MD5:
1be9fd6901edddb3edc4769bacc251d5
SHA1:
43dda1e465457d2f1d4159c26d5a542e7db389c8
SHA256:
DB9D5A5E48C6837E0350E3413AE5EBDFBD5CA7A48B4EA938D115E93E394F9E3C
File Size:
284.67 KB, 284672 bytes
|
Show More
|
MD5:
cb3aeabeff283207d9e70997bb33262c
SHA1:
d83c310709fd9a82ab38b54c093b6befa49e547e
SHA256:
8118119AE3824A5F394EC71143DDDDFC044DFA595522B987283E45A4C318E98C
File Size:
284.67 KB, 284672 bytes
|
|
MD5:
dc13efeeb795f4d2ba0af9dc247ea53c
SHA1:
21d069841aa1e9a3adacd8a5b949835ebb57fd20
SHA256:
BF65BDBC99B48551A2530FDA61ED10403E63BFE160DDEF191748772EB1B38FCE
File Size:
284.67 KB, 284672 bytes
|
|
MD5:
b631968f24feeb864f36d0bf98456816
SHA1:
80ad24ee4c8fb7707c5f64ad177ff7833722cb8d
SHA256:
22510A44BC6146A12444D6B260389085130E5FDC58439B09794964B3204AFA35
File Size:
284.67 KB, 284672 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 110 |
|---|---|
| Potentially Malicious Blocks: | 3 |
| Whitelisted Blocks: | 107 |
| Unknown Blocks: | 0 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- MSIL.ClipBanker.DHA
- MSIL.ClipBanker.RAB
- MSIL.ClipBanker.RH
- MSIL.ClipBanker.TI
- MSIL.Krypt.DJE
Show More
- MSIL.Krypt.DJJ
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| User Data Access |
|
