ScreenShot
| Created | 2025.04.21 13:33 | Machine | s1_win7_x6401 |
| Filename | chromedriver.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 58 detected (AIDetectMalware, Lumma, Malicious, score, Trojanpws, RAHack, GenericKDZ, Unsafe, Save, confidence, 100%, GenusT, EVUP, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, TrojanPSW, Kryptik@AI, RDML, tiiEASxKYVRtCYRGPxlGMQ, pkdne, LUMMASTEALER, YXFDSZ, Krypt, Static AI, Suspicious PE, eyjt, Detected, GrayWare, Wacapew, LummaC, ABApplication, IRIV, R700921, Artemis, GdSda, Gencirc, PQ49L, po7hM, susgen, GenKryptik, HIHK, GSO2XJC) | ||
| md5 | 66d9a0d44c51c98a087c4435d5390475 | ||
| sha256 | e8d9018e03146038089e455a14ee2bb0fc67bccb9b1b13eaf000060ecc384445 | ||
| ssdeep | 12288:BOMhuQU6LugAiAe4lo8ZlWgJIC+CfkMv5iavBCA4t1anWhwLjkOQNi1xXThVOioF:U5jJoCftZjswLjiOVTfHjswLjiOVTf8 | ||
| imphash | 27edcdc26ece14730711ef2521583ca2 | ||
| impfuzzy | 24:hWnxWDoQlQtyOovbOGMUD1ulvgkWDpZWylnjBLPxQXRKT07GyiJUJYjz:hWxQo3l3612MZxJjBbxQrGyJJC | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140092758 AcquireSRWLockExclusive
0x140092760 CloseHandle
0x140092768 CreateFileA
0x140092770 CreateFileW
0x140092778 CreateThread
0x140092780 DecodePointer
0x140092788 DeleteCriticalSection
0x140092790 EncodePointer
0x140092798 EnterCriticalSection
0x1400927a0 EnumSystemLocalesW
0x1400927a8 ExitProcess
0x1400927b0 ExitThread
0x1400927b8 FindClose
0x1400927c0 FindFirstFileExW
0x1400927c8 FindNextFileW
0x1400927d0 FlsAlloc
0x1400927d8 FlsFree
0x1400927e0 FlsGetValue
0x1400927e8 FlsSetValue
0x1400927f0 FlushFileBuffers
0x1400927f8 FreeEnvironmentStringsW
0x140092800 FreeLibrary
0x140092808 FreeLibraryAndExitThread
0x140092810 GetACP
0x140092818 GetCPInfo
0x140092820 GetCommandLineA
0x140092828 GetCommandLineW
0x140092830 GetConsoleMode
0x140092838 GetConsoleOutputCP
0x140092840 GetCurrentProcess
0x140092848 GetCurrentProcessId
0x140092850 GetCurrentThreadId
0x140092858 GetEnvironmentStringsW
0x140092860 GetExitCodeThread
0x140092868 GetFileSize
0x140092870 GetFileSizeEx
0x140092878 GetFileType
0x140092880 GetLastError
0x140092888 GetLocaleInfoW
0x140092890 GetModuleFileNameW
0x140092898 GetModuleHandleA
0x1400928a0 GetModuleHandleExW
0x1400928a8 GetModuleHandleW
0x1400928b0 GetOEMCP
0x1400928b8 GetProcAddress
0x1400928c0 GetProcessHeap
0x1400928c8 GetStartupInfoW
0x1400928d0 GetStdHandle
0x1400928d8 GetStringTypeW
0x1400928e0 GetSystemTimeAsFileTime
0x1400928e8 GetUserDefaultLCID
0x1400928f0 HeapAlloc
0x1400928f8 HeapFree
0x140092900 HeapReAlloc
0x140092908 HeapSize
0x140092910 InitializeCriticalSectionAndSpinCount
0x140092918 InitializeCriticalSectionEx
0x140092920 InitializeSListHead
0x140092928 IsDebuggerPresent
0x140092930 IsProcessorFeaturePresent
0x140092938 IsValidCodePage
0x140092940 IsValidLocale
0x140092948 LCMapStringEx
0x140092950 LCMapStringW
0x140092958 LeaveCriticalSection
0x140092960 LoadLibraryExW
0x140092968 MultiByteToWideChar
0x140092970 QueryPerformanceCounter
0x140092978 QueryPerformanceFrequency
0x140092980 RaiseException
0x140092988 ReadConsoleW
0x140092990 ReadFile
0x140092998 ReleaseSRWLockExclusive
0x1400929a0 RtlCaptureContext
0x1400929a8 RtlLookupFunctionEntry
0x1400929b0 RtlPcToFileHeader
0x1400929b8 RtlUnwind
0x1400929c0 RtlUnwindEx
0x1400929c8 RtlVirtualUnwind
0x1400929d0 SetFilePointerEx
0x1400929d8 SetLastError
0x1400929e0 SetStdHandle
0x1400929e8 SetUnhandledExceptionFilter
0x1400929f0 Sleep
0x1400929f8 SleepConditionVariableSRW
0x140092a00 TerminateProcess
0x140092a08 TlsAlloc
0x140092a10 TlsFree
0x140092a18 TlsGetValue
0x140092a20 TlsSetValue
0x140092a28 TryAcquireSRWLockExclusive
0x140092a30 UnhandledExceptionFilter
0x140092a38 WaitForSingleObjectEx
0x140092a40 WakeAllConditionVariable
0x140092a48 WideCharToMultiByte
0x140092a50 WriteConsoleW
0x140092a58 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140092758 AcquireSRWLockExclusive
0x140092760 CloseHandle
0x140092768 CreateFileA
0x140092770 CreateFileW
0x140092778 CreateThread
0x140092780 DecodePointer
0x140092788 DeleteCriticalSection
0x140092790 EncodePointer
0x140092798 EnterCriticalSection
0x1400927a0 EnumSystemLocalesW
0x1400927a8 ExitProcess
0x1400927b0 ExitThread
0x1400927b8 FindClose
0x1400927c0 FindFirstFileExW
0x1400927c8 FindNextFileW
0x1400927d0 FlsAlloc
0x1400927d8 FlsFree
0x1400927e0 FlsGetValue
0x1400927e8 FlsSetValue
0x1400927f0 FlushFileBuffers
0x1400927f8 FreeEnvironmentStringsW
0x140092800 FreeLibrary
0x140092808 FreeLibraryAndExitThread
0x140092810 GetACP
0x140092818 GetCPInfo
0x140092820 GetCommandLineA
0x140092828 GetCommandLineW
0x140092830 GetConsoleMode
0x140092838 GetConsoleOutputCP
0x140092840 GetCurrentProcess
0x140092848 GetCurrentProcessId
0x140092850 GetCurrentThreadId
0x140092858 GetEnvironmentStringsW
0x140092860 GetExitCodeThread
0x140092868 GetFileSize
0x140092870 GetFileSizeEx
0x140092878 GetFileType
0x140092880 GetLastError
0x140092888 GetLocaleInfoW
0x140092890 GetModuleFileNameW
0x140092898 GetModuleHandleA
0x1400928a0 GetModuleHandleExW
0x1400928a8 GetModuleHandleW
0x1400928b0 GetOEMCP
0x1400928b8 GetProcAddress
0x1400928c0 GetProcessHeap
0x1400928c8 GetStartupInfoW
0x1400928d0 GetStdHandle
0x1400928d8 GetStringTypeW
0x1400928e0 GetSystemTimeAsFileTime
0x1400928e8 GetUserDefaultLCID
0x1400928f0 HeapAlloc
0x1400928f8 HeapFree
0x140092900 HeapReAlloc
0x140092908 HeapSize
0x140092910 InitializeCriticalSectionAndSpinCount
0x140092918 InitializeCriticalSectionEx
0x140092920 InitializeSListHead
0x140092928 IsDebuggerPresent
0x140092930 IsProcessorFeaturePresent
0x140092938 IsValidCodePage
0x140092940 IsValidLocale
0x140092948 LCMapStringEx
0x140092950 LCMapStringW
0x140092958 LeaveCriticalSection
0x140092960 LoadLibraryExW
0x140092968 MultiByteToWideChar
0x140092970 QueryPerformanceCounter
0x140092978 QueryPerformanceFrequency
0x140092980 RaiseException
0x140092988 ReadConsoleW
0x140092990 ReadFile
0x140092998 ReleaseSRWLockExclusive
0x1400929a0 RtlCaptureContext
0x1400929a8 RtlLookupFunctionEntry
0x1400929b0 RtlPcToFileHeader
0x1400929b8 RtlUnwind
0x1400929c0 RtlUnwindEx
0x1400929c8 RtlVirtualUnwind
0x1400929d0 SetFilePointerEx
0x1400929d8 SetLastError
0x1400929e0 SetStdHandle
0x1400929e8 SetUnhandledExceptionFilter
0x1400929f0 Sleep
0x1400929f8 SleepConditionVariableSRW
0x140092a00 TerminateProcess
0x140092a08 TlsAlloc
0x140092a10 TlsFree
0x140092a18 TlsGetValue
0x140092a20 TlsSetValue
0x140092a28 TryAcquireSRWLockExclusive
0x140092a30 UnhandledExceptionFilter
0x140092a38 WaitForSingleObjectEx
0x140092a40 WakeAllConditionVariable
0x140092a48 WideCharToMultiByte
0x140092a50 WriteConsoleW
0x140092a58 WriteFile
EAT(Export Address Table) is none