Trojan.ClipBanker.PCU
Analysis Report
General information
| Family Name: | Trojan.ClipBanker.PCU |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| NVIDIA Corporation | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
File Traits
- fptable
- HighEntropy
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1,798 |
|---|---|
| Potentially Malicious Blocks: | 156 |
| Whitelisted Blocks: | 1,193 |
| Unknown Blocks: | 449 |
Visual Map
[Visual map of per-block classifications; image not reproduced.] Legend:
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Stelpak.A