vboxwrapper_2020022402_windows_x86_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vboxwrapper_2020022402_windows_x86_64.exe
Size

2.3MB
MD5

a6a9a40db137af1fb3e3d531d63e6151
SHA1

ee763b198443366880a6155524d1e0e1bb4adde4
SHA256

6268c8b44d1928a6d46f57250e7fcf653e4ad5e48c90358548b62b7709c92add
SHA512

91d43a247d447c1380addb7e1c1581d22e4e67fec78fd2e8dc549d02d8872128c15b9d796c1e8709e3003d6627f86c9f58dd746ba7600548ac8ee5a6fe0b780e
SSDEEP

49152:sfM/ogpD8MxHpEjJnNn0eLeb0D3klSFIsQh8N3Sp2kyb6MBaitz1PqK68Db:sc2jRNn0N43RnSp2kyb6MBaitz1Pqo

Score

1^/10

Malware Config

Signatures

Files

vboxwrapper_2020022402_windows_x86_64.exe
.exe windows x64

a46da8203f2774467905c5ce7900695d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/01/2019, 00:00

Not After

02/01/2021, 23:59

Subject

CN=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),O=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),POSTALCODE=02139,STREET=42 Maple Ave #3,L=Cambridge,ST=MA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:ee:f7:2e:91:5f:64:9a:06:11:f0:bb:8d:6b:3f:7d:87:21:4a:3f
Signer

Actual PE Digest

e4:ee:f7:2e:91:5f:64:9a:06:11:f0:bb:8d:6b:3f:7d:87:21:4a:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentThread
GetThreadTimes
GetSystemTimeAsFileTime
CreateMutexA
GetModuleFileNameA
CreateFileA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FindClose
GetTempFileNameA
GetDiskFreeSpaceExA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileExA
LocalFree
FormatMessageW
ExpandEnvironmentStringsA
SetCurrentDirectoryA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetVersionExA
GetCurrentProcess
OpenThread
GetThreadContext
SuspendThread
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
OutputDebugStringA
FreeLibrary
SetLastError
LoadLibraryA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetVersion
GetStdHandle
SetFilePointer
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetDriveTypeA
GetFullPathNameA
SetFileAttributesA
SetVolumeLabelA
GetVolumeInformationA
GetLocaleInfoA
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
GetFileType
SetFileAttributesW
SetEnvironmentVariableA
lstrcmpiA
lstrcpynA
lstrlenA
CreateThread
SetThreadPriority
ResumeThread
EncodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetDriveTypeW
GetCommandLineA
IsProcessorFeaturePresent
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
GetCPInfo
SetStdHandle
GetFileInformationByHandle
FlushFileBuffers
WriteFile
GetConsoleCP
FatalAppExitA
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SetCurrentDirectoryW
GetCurrentDirectoryW
ReadConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
GetStringTypeW
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
OutputDebugStringW
GetFullPathNameW
GetFileAttributesExW
lstrlenW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
DeleteFileW
OpenFileMappingA
LocalAlloc
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DebugBreak
RaiseException
GetProcessWorkingSetSize
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
PeekNamedPipe
CreatePipe
SetHandleInformation
ReadFile
Sleep
WaitForSingleObject
TerminateProcess
OpenProcess
CreateProcessA
CloseHandle
GetLastError
GetExitCodeProcess
GetFileAttributesW
GetCurrentProcessId

user32

UnregisterClassA
CharToOemA
OemToCharA
GetClassNameA
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId

ole32

OleRun
CoCreateInstance
CoInitialize

wsock32

htons
ioctlsocket
htonl
ntohs
socket
gethostbyname
WSACleanup
WSAGetLastError
getsockopt
getsockname
inet_ntoa
closesocket
bind
WSAStartup
ntohl

advapi32

SetEntriesInAclA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
CryptGenRandom
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
IsValidSid
IsValidAcl
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorLength
AllocateAndInitializeSid
FreeSid
CryptAcquireContextA

shell32

SHGetFolderPathA

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantClear
VariantInit
GetErrorInfo
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46da8203f2774467905c5ce7900695d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

e4:ee:f7:2e:91:5f:64:9a:06:11:f0:bb:8d:6b:3f:7d:87:21:4a:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

wsock32

advapi32

shell32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 585KB - Virtual size: 585KB

.data Size: 29KB - Virtual size: 567KB

.pdata Size: 59KB - Virtual size: 58KB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 15KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

e4:ee:f7:2e:91:5f:64:9a:06:11:f0:bb:8d:6b:3f:7d:87:21:4a:3f
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 585KB - Virtual size: 585KB

.data
Size: 29KB - Virtual size: 567KB

.pdata
Size: 59KB - Virtual size: 58KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 15KB