chromedriver[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

chromedriver.exe
Size

3.1MB
MD5

c854d9179ecde7dd193b714eee283ddd
SHA1

9e180b163dd2cc772f79e24597758ece07b7b9c0
SHA256

cb4bfb5629770d7b3f1f93e1bd4dbc655abcf850cf19264935c71b6d8f2fec15
SHA512

d86571570c477a6d04cc2e8db2cb4c088480e07fec8fafdc94daa5e57549d678613844d192eaee8e7c67429c191d876a87a69003c7e599e1060440d244b9b8e7
SSDEEP

49152:ziJeydcb+gsK53kLnIthgLvrHENC08F3NPfkjpu:XJQ/Iu35kjp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chromedriver.exe

Files

chromedriver.exe
.exe windows:6 windows x64 arch:x64

ebaac7f9b7452bde18865ba1f885e1b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rearrestsquedfulhi.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

ntdll

RtlVirtualUnwind
NtWriteFile
NtQuerySystemInformation
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlLookupFunctionEntry
NtQueryInformationProcess
RtlGetVersion
RtlCaptureContext

kernel32

GetLastError
GetProcessIoCounters
GetSystemTimes
GetProcessTimes
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
ReleaseSemaphore
CreateFileW
SetConsoleCtrlHandler
GetProcessHeap
CloseHandle
GetDiskFreeSpaceExW
HeapAlloc
HeapFree
CreateSemaphoreA
GlobalMemoryStatusEx
GetTickCount64
OpenProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
DuplicateHandle
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
ReadProcessMemory
VirtualQueryEx
LocalFree
SetHandleInformation
GetLogicalDrives
WaitForSingleObject
GetCurrentProcessId
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetFullPathNameW
CreateThread
IsProcessorFeaturePresent
CreateIoCompletionPort
GetQueuedCompletionStatusEx
WriteConsoleW
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
MultiByteToWideChar
Sleep
GetModuleHandleA
GetProcAddress
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
SetFileInformationByHandle
CreateProcessW
GetStdHandle
WriteFileEx
SleepEx
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
GetWindowsDirectoryW
HeapReAlloc
lstrlenW
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetSystemDirectoryW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
CreateNamedPipeW
ReadFileEx

advapi32

RegCloseKey
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
GetLengthSid
LookupAccountSidW
CopySid
IsValidSid

shell32

CommandLineToArgvW

pdh

PdhCollectQueryData
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryA
PdhCloseQuery

powrprof

CallNtPowerInformation

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups

secur32

FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW
DeleteSecurityContext
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
LsaEnumerateLogonSessions
ApplyControlToken
LsaGetLogonSessionData
LsaFreeReturnBuffer
DecryptMessage

iphlpapi

GetAdaptersAddresses
GetIfTable2
FreeMibTable
GetIfEntry2

ws2_32

WSASocketW
connect
ioctlsocket
bind
getsockopt
shutdown
getpeername
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
getsockname
freeaddrinfo
getaddrinfo
closesocket

crypt32

CertCloseStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertGetCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext

psapi

GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

__CxxFrameHandler3
memcpy
memcmp
memset
memmove
_CxxThrowException
__current_exception
__current_exception_context
__C_specific_handler

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initialize_onexit_table
_initterm
_register_onexit_function
_initterm_e
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_crt_atexit
_exit
exit
_set_app_type
terminate
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1021KB - Virtual size: 1021KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebaac7f9b7452bde18865ba1f885e1b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

kernel32

advapi32

shell32

pdh

powrprof

ole32

oleaut32

netapi32

secur32

iphlpapi

ws2_32

crypt32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1021KB - Virtual size: 1021KB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 116KB - Virtual size: 115KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1021KB - Virtual size: 1021KB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 116KB - Virtual size: 115KB

.reloc
Size: 19KB - Virtual size: 18KB