Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 2, 2025, 5:52 p.m.	May 2, 2025, 5:55 p.m.

Size	177.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`323541047bc13d261035aa12a9d0016b`
SHA256	`1ec7c4edc2038db0bfaea55962357a0f242a40ac6d0e406f902aed15abae170b`
CRC32	`FBEB50A2`
ssdeep	`3072:7ys2ghWbG9MRaI3d9Zb9lHol/+sfm+UR2VYlha+Ili:7ysTh6G9MHd9B9lIhe+URsBb`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

ff.exe "C:\Users\test22\AppData\Local\Temp\ff.exe"
1708

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 2, 2025, 5:52 p.m.			0	0

A process attempted to delay the analysis task. (1 event)

description

ff.exe tried to sleep 217 seconds, actually delayed analysis time by 217 seconds

Creates hidden or system file (1 event)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW May 2, 2025, 5:52 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\winapp\winapp.exe filepath: C:\Users\test22\AppData\Roaming\winapp\winapp.exe	1	1	0

Installs itself for autorun at Windows startup (2 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemServices				reg_value	C:\Users\test22\AppData\Local\Temp\ff.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemServices				reg_value	C:\Users\test22\AppData\Roaming\winapp\winapp.exe

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Cynet	Malicious (score: 99)
CAT-QuickHeal	cld.trojan.clipbanker
Skyhigh	BehavesLike.Win32.Generic.cm
ALYac	Gen:Variant.Zusy.571494
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.571494
Sangfor	Banker.Win32.Clipbanker.Vdcs
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Zusy.571494
K7GW	Trojan ( 005c35ca1 )
K7AntiVirus	Trojan ( 005c35ca1 )
Arcabit	Trojan.Zusy.D8B866
VirIT	Trojan.Win32.GenusC.HWL
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/ClipBanker.TZ
APEX	Malicious
Avast	Win32:MalwareX-gen [Bank]
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	TrojanBanker:Win32/ClipBanker.26f3c65b
MicroWorld-eScan	Gen:Variant.Zusy.571494
Rising	Spyware.ClipBanker!8.12E6C (TFE:5:SZorKzmmKZI)
Emsisoft	Gen:Variant.Zusy.571494 (B)
F-Secure	Trojan.TR/AD.Nekark.kbdiy
Zillya	Trojan.ClipBanker.Win32.25530
TrendMicro	TROJ_GEN.R002C0XE225
McAfeeD	Real Protect-LS!323541047BC1
CTX	exe.trojan.clipbanker
Sophos	Mal/Generic-S
Jiangmin	Trojan.Banker.ClipBanker.coa
Webroot	Win.Infostealer.Clipbanker
Google	Detected
Avira	TR/AD.Nekark.kbdiy
Antiy-AVL	Trojan[Banker]/Win32.ClipBanker
Kingsoft	malware.kb.a.838
Gridinsoft	Trojan.Win32.CoinMiner.vl!n
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Zusy.571494
AhnLab-V3	Trojan/Win.Malex.R697518
McAfee	Artemis!323541047BC1
TACHYON	Banker/W32.ClipBanker.181248
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Malex
Malwarebytes	Generic.Malware.AI.DDS
Ikarus	Trojan.Win32.Clipbanker
Panda	Trj/GdSda.A
Tencent	Malware.Win32.Gencirc.11dff92c
huorong	TrojanSpy/ClipBanker.ag
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:MalwareX-gen [Bank]

ff.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All