Win32/ClipBanker.PB malicious file

The Win32/ClipBanker.PB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/ClipBanker.PB virus can do?

Creates RWX memory
Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/ClipBanker.PB?


File Info:
name: 0E43C903ADFA6231677C.mlw
path: /opt/CAPEv2/storage/binaries/5f58706f4baa696d1dc911d32c6cf2b59772b99d5c67ccb69383edd67398ad23
crc32: F067A32D
md5: 0e43c903adfa6231677c17437351bd24
sha1: 3dd5d4ce3c853e839f4e99be9c44e9afd15bfebd
sha256: 5f58706f4baa696d1dc911d32c6cf2b59772b99d5c67ccb69383edd67398ad23
sha512: 069a8886fc95506a4d88ff848ed098b3e96e40c2e27035753d2b20db0d57ce7ab027cad4c80b13297329834f6d3855d0dbe076d5538c39a9ac456d09694c03e0
ssdeep: 24576:c2UWb88SpY1h4AptWjCrfzPEaYxRmQAM9s19pBoS8J4mABXW5s2C+V65AYxA6w38:cI3sgsaW909p2S8J4h2C+nYbgQ6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D8D51917F356723EC89A193F09BB6325EE7A7AD165034C4AC2E4785CEB395403EBE502
sha3_384: ee419b0f9ef2168544339b4b69c49d1e6ac95a28d2b61f440bea5ef9dced1ec743f38ae504a3c22a18bc9d2a6ff7d3b8
ep_bytes: 558bec83c4f0b894fd6100e8cc82deff
timestamp: 2022-07-08 14:24:44

Version Info:
FileDescription: btc
FileVersion: 1.0.0.0
ProductName: btc
ProductVersion: 1.0.0.0
ProgramID: com.embarcadero.btc
Translation: 0x0409 0x04e4

Win32/ClipBanker.PB also known as:

MicroWorld-eScan	Gen:Variant.Tedy.98092
FireEye	Gen:Variant.Tedy.98092
McAfee	GenericRXAA-FA!0E43C903ADFA
VIPRE	Gen:Variant.Tedy.98092
K7GW	Trojan ( 00594bcf1 )
K7AntiVirus	Trojan ( 00594bcf1 )
BitDefenderTheta	Gen:NN.ZelphiF.34786.1U0@auM2fHji
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/ClipBanker.PB
TrendMicro-HouseCall	TROJ_GEN.R014C0WG922
Kaspersky	HEUR:Trojan-Banker.Win32.ClipBanker.gen
BitDefender	Gen:Variant.Tedy.98092
Avast	Win32:BankerX-gen [Trj]
Rising	Trojan.Generic@AI.85 (RDML:HWfq31Kg9jjHj6Rp/KO+bQ)
Ad-Aware	Gen:Variant.Tedy.98092
Emsisoft	Gen:Variant.Tedy.98092 (B)
TrendMicro	TROJ_GEN.R014C0WG922
McAfee-GW-Edition	BehavesLike.Win32.Dropper.vh
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
APEX	Malicious
Jiangmin	Trojan.CryFile.ir
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Generic.ASMalwS.5090
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Tedy.98092
AhnLab-V3	Trojan/Win.Generic.C5185752
VBA32	TScope.Trojan.Delf
ALYac	Gen:Variant.Tedy.98092
Ikarus	Trojan.Win32.Clipbanker
Tencent	Malware.Win32.Gencirc.10d08d83
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/ClipBanker.PB!tr
AVG	Win32:BankerX-gen [Trj]

How to remove Win32/ClipBanker.PB?

Win32/ClipBanker.PB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X