Trojan.ClipBanker

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	1,547
Threat Level:	80 % (High)
Infected Computers:	47,845

First Seen:	February 26, 2016
Last Seen:	February 7, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Trojan.ClipBanker

File System Details

Trojan.ClipBanker may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	srvrtl.exe	9779b9378ca6173462b89c9521177764	1,733
Name: srvrtl.exe MD5: 9779b9378ca6173462b89c9521177764 Size: 186.88 KB (186880 bytes) Detections: 1,733 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\windows rtl handler\srvrtl.exe Group: Malware file Last Updated: February 27, 2025
2.	winmsvc.exe	90c83cc7c56c0eb8f27a2226c27191ea	1,185
Name: winmsvc.exe MD5: 90c83cc7c56c0eb8f27a2226c27191ea Size: 86.52 KB (86528 bytes) Detections: 1,185 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\windows maintenance service\winmsvc.exe Group: Malware file Last Updated: August 6, 2021
3.	eyT97uo9.exe	89f7111c4e38e1b15d34cd9c294e410f	346
Name: eyT97uo9.exe MD5: 89f7111c4e38e1b15d34cd9c294e410f Size: 8.22 MB (8228352 bytes) Detections: 346 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\eyT97uo9.exe Group: Malware file Last Updated: October 24, 2025
4.	ntredirect.dll	61131c939b98075c07e189830ff2879d	328
Name: ntredirect.dll MD5: 61131c939b98075c07e189830ff2879d Size: 19.92 MB (19922432 bytes) Detections: 328 Type: Dynamic link library Path: c:\Users\<username>\appdata\roaming\1000107060 Group: Malware file Last Updated: February 18, 2025
5.	ndproxy.dll	a5141201690835a00d4ae138358c36c2	290
Name: ndproxy.dll MD5: a5141201690835a00d4ae138358c36c2 Size: 761.97 KB (761976 bytes) Detections: 290 Type: Dynamic link library Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\1000098060\ndproxy.dll Group: Malware file Last Updated: February 1, 2025
6.	avicapn32.dll	5e95d4d1f6b6398a9bd43714fb382f94	195
Name: avicapn32.dll MD5: 5e95d4d1f6b6398a9bd43714fb382f94 Size: 1.54 MB (1543168 bytes) Detections: 195 Type: Dynamic link library Path: C:\Users\<username>\1000011062\avicapn32.dll Group: Malware file Last Updated: June 11, 2025
7.	dllhost.exe	ef41c74b3376c412f33bebf9bb2a1cbe	141
Name: dllhost.exe MD5: ef41c74b3376c412f33bebf9bb2a1cbe Size: 380.41 KB (380416 bytes) Detections: 141 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\NVIDIA\dllhost.exe Group: Malware file Last Updated: November 7, 2022
8.	clip.exe	8d3942d2bfaf962a1177aee8d08ca079	137
Name: clip.exe MD5: 8d3942d2bfaf962a1177aee8d08ca079 Size: 4.38 MB (4386304 bytes) Detections: 137 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\1000123001\clip.exe Group: Malware file Last Updated: October 24, 2025
9.	G54IJEBFCA80M8H.exe	d23dba81354832b3ebee6ff8e79ac839	81
Name: G54IJEBFCA80M8H.exe MD5: d23dba81354832b3ebee6ff8e79ac839 Size: 187.39 KB (187392 bytes) Detections: 81 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\G54IJEBFCA80M8H.exe Group: Malware file Last Updated: February 11, 2023
10.	crashreporter.exe	3bb940f619750cbe0bcfc244830077e2	58
Name: crashreporter.exe MD5: 3bb940f619750cbe0bcfc244830077e2 Size: 187.83 KB (187832 bytes) Detections: 58 Type: Executable File Path: C:\Program Files (x86)\Google\CrashReports\crashreporter.exe Group: Malware file Last Updated: October 24, 2025
11.	KThX19g6.exe	e67794445d4082a91b6918d8966bd0f9	27
Name: KThX19g6.exe MD5: e67794445d4082a91b6918d8966bd0f9 Size: 8.07 MB (8075776 bytes) Detections: 27 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\KThX19g6.exe Group: Malware file Last Updated: November 28, 2024
12.	VTubF269.exe	78082230153a2a96641cef68d3afab04	27
Name: VTubF269.exe MD5: 78082230153a2a96641cef68d3afab04 Size: 8.47 MB (8478208 bytes) Detections: 27 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\VTubF269.exe Group: Malware file Last Updated: November 28, 2024
13.	5Ieg5J6t.exe	75032ec6fc183cd80008b1cd4799e7dc	11
Name: 5Ieg5J6t.exe MD5: 75032ec6fc183cd80008b1cd4799e7dc Size: 8.86 MB (8866816 bytes) Detections: 11 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\5Ieg5J6t.exe Group: Malware file Last Updated: March 7, 2025
14.	38cCDuZM.exe	cd18e484f6d852e0bcb8a58b9ce25de7	6
Name: 38cCDuZM.exe MD5: cd18e484f6d852e0bcb8a58b9ce25de7 Size: 4.78 MB (4786688 bytes) Detections: 6 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\38cCDuZM.exe Group: Malware file Last Updated: November 28, 2024
15.	a6f97da1bbd5fbff3bb5496489c33f1f	a6f97da1bbd5fbff3bb5496489c33f1f	0
Name: a6f97da1bbd5fbff3bb5496489c33f1f MD5: a6f97da1bbd5fbff3bb5496489c33f1f Size: 256 KB (256000 bytes) Detections: 0 Group: Malware file

More files

Registry Details

Trojan.ClipBanker may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\windowsnetwork\networkfix.exe

%ALLUSERSPROFILE%\xun.exe

%APPDATA%\check.exe

%APPDATA%\Microsoft\Windows\updlive.exe

%APPDATA%\Sound Volume Control\sndvol.exe

%LOCALAPPDATA%\winhost.exe

%TEMP%\conshost.exe

Directories

Trojan.ClipBanker may create the following directory or directories:

%ALLUSERSPROFILE%\Bonjour\2020

%ALLUSERSPROFILE%\HP\2020

%ALLUSERSPROFILE%\Java\2020

%ALLUSERSPROFILE%\ProductData\2020

%APPDATA%\Windows RTL Handler

%APPDATA%\sata monitor

%APPDATA%\windows maintenance service

%LOCALAPPDATA%\AptLnchb

%LOCALAPPDATA%\mscboard

%UserProfile%\Local Settings\Application Data\mscboard

Analysis Report

General information

Family Name:	Trojan.ClipBanker
Signature status:	No Signature

Known Samples

MD5: 88ecb1e217dca9827ff1b31a8640ee0a

SHA1: 5b28a900d3324f4ddee7984acfa40e466cbe9b46

SHA256: C5B2CC314EB9AFC40D5FD63187BA5025F5A4D25BBB8C3BB0C22ED21745758BC7

File Size: 8.17 MB, 8172038 bytes

MD5: 9ccc9e05862c0df0f7dc03b2bc6468a4

SHA1: 094f34eca53bb19b29a089987d928d56816ec48a

SHA256: 3F836B70E208CDDC3B144409F4EDFFB6A8368FE850E22B867E45EBCC92F20A0D

File Size: 88.06 KB, 88064 bytes

MD5: a829c91b1d5667d5bf96f1f30bc03bf6

SHA1: ae48814ed7dca88ec8887e13168e3d1013351572

SHA256: 6F36291069C359B91C9106A5514660608FEBCD8520740400C0AA8545AE9D6DDA

File Size: 2.77 MB, 2769920 bytes

MD5: c6692853ea5249df86ff58358ae25c81

SHA1: cde38d02c04c4549455a973feecbe44f162b9dc7

SHA256: 410A30E70206C0E31D0FACDED075939BB2A48A790280733AD2E165017F9AB969

File Size: 54.27 KB, 54272 bytes

MD5: ee528521cb89fe2851bcfe9366543702

SHA1: 718d36a1914334cfa00a89bc4d0840ff3d7e1cb6

SHA256: 6132E786A01B22C904F1CBF875FBE3AC0D3C9BE8382A6D333E5FB677B11FD64C

File Size: 83.97 KB, 83968 bytes

MD5: 47197bdbc2ef3846e0354aae8715cd83

SHA1: f75290374fc41d99acc05aee452a6f5c13ad7b82

SHA256: 6991523255A65BB509BD5B9495EDB1211D925ED4BEB033470FA886125445F0C4

File Size: 4.32 MB, 4318720 bytes

MD5: 2601d0712c4864401b8db455d4803d25

SHA1: 10a5c35ddf2163b88002b6cedecee4a1562af6f1

SHA256: FCF09A27CC9B795101093C0FC53C6E79DDE7CDC0FAEB794755F0086B9A793992

File Size: 976.90 KB, 976896 bytes

MD5: 008bd68c80214db5eafc7fdb0e520b64

SHA1: bfdfa0f1979ded0a6c38b8d36d519cf5450c88e6

SHA256: 1D995E0AE11A6F2E24E37096B72166B43E147ED696F6C05D5B253E6498F198D7

File Size: 6.20 MB, 6202880 bytes

MD5: 75c54d6a09c162eac141b4ddd3802238

SHA1: 1cae074aac4faa7c1355f24ea395fb09a8ceea3e

SHA256: 51824DBDEFDBBADAE6BC2E885E9FDEDA2D3B1C2701192A0E2ACF1672041CF8D8

File Size: 2.59 MB, 2594816 bytes

MD5: 06d28874a8a33f3cdef15d6e634df586

SHA1: be0a8f84852b9d213ccfb511e05dbb691960c81e

SHA256: C056B996199DFC944799034F299F1061E9B8B192631CE9057F462147B7313A9A

File Size: 194.56 KB, 194560 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	4.1.0.0 2.3.2.0 1.1.545.1 1.0.0.0 0.0.0.0
Company Name	Realtek Semiconductor StudioCore
File Description	Realtek HD Audio Universal Service StudioCore
File Version	4.1.0.0 2.3.2 1.1.545.1 1.0.0.0 0.0.0.0
Internal Name	AssemblyInfo.dll Client.exe Clipper.dll RtkAudUService64.exe StudioCore.dll
Legal Copyright	2023 (c) Realtek Semiconductor. All rights reserved.
Original Filename	AssemblyInfo.dll Client.exe Clipper.dll RtkAudUService64.exe StudioCore.dll
Product Name	Realtek HD Audio Universal Service StudioCore
Product Version	4.1.0.0 2.3.2 1.1.545.1 1.0.0+e79790cdf7249bbf3c98418ca834d573f099915c 1.0.0+675cd64039779539a0de198da6a5838a2f360dd7 0.0.0.0

File Traits

.NET
Agile.net
dll
Fody
GenKrypt
golang
HighEntropy
NewLateBinding
No Version Info
ntdll

Reactor
RijndaelManaged
Run
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	83
Potentially Malicious Blocks:	2
Whitelisted Blocks:	42
Unknown Blocks:	39

Visual Map

0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? x x ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.DFSR
Agent.PFDF
Brute.PVA
Brute.PVF
ClipBanker.UDB

Coinminer.GAJ

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\_mei36362\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\libcrypto-3.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\_mei36362\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36362\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei40202\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41322\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43482\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45922\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51522\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52682\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54162\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54802\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\libssl-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\psutil\_psutil_windows.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\python3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\python312.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei56762\vcruntime140_1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_ssl.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\_wmi.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei58042\libcrypto-3.dll	Generic Write,Read Attributes

45 additional files are not displayed above.

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket Show More ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRemoveIoCompletionEx ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory ntdll.dll!NtYieldExecution 51 additional items are not displayed above.
Process Shell Execute	CreateProcess
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation OpenClipboard
Other Suspicious	AdjustTokenPrivileges
Anti Debug	IsDebuggerPresent
Network Winsock2	WSAStartup

Shell Command Execution


							c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


							c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


							c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


							c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


							c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"


									c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038 "c:\users\user\downloads\5b28a900d3324f4ddee7984acfa40e466cbe9b46_0008172038"

Trojan.ClipBanker

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.ClipBanker

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed