vboxwrapper_2020033001_windows_x86_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vboxwrapper_2020033001_windows_x86_64.exe
Size

2.3MB
MD5

9bf8ef4297b304c1da4526b1ee35feda
SHA1

b004cdb7a5f03b63df608d40c1389311f0554b58
SHA256

333c264ccbbf589cfc8a6cbec204b67a3b71537e256b2b6a0dd67c4376a01ce7
SHA512

60bd4ad267692d2af4f4d09312f7f44c134c000966a9ac4333f2e561e6fc7a634dd99cf85637c40f99cf5cc6f32aaf7ba8cf04a27bafc12d7e3508d83cfef9a5
SSDEEP

49152:QyBu+AAV6RBG+sKSRA37dJaCiGgVxsI4xQzD:9KSRA3bi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vboxwrapper_2020033001_windows_x86_64.exe

Files

vboxwrapper_2020033001_windows_x86_64.exe
.exe windows x64

a46da8203f2774467905c5ce7900695d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentThread
GetThreadTimes
GetSystemTimeAsFileTime
CreateMutexA
GetModuleFileNameA
CreateFileA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FindClose
GetTempFileNameA
GetDiskFreeSpaceExA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileExA
LocalFree
FormatMessageW
ExpandEnvironmentStringsA
SetCurrentDirectoryA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetVersionExA
GetCurrentProcess
OpenThread
GetThreadContext
SuspendThread
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
OutputDebugStringA
FreeLibrary
SetLastError
LoadLibraryA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetVersion
GetStdHandle
SetFilePointer
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetDriveTypeA
GetFullPathNameA
SetFileAttributesA
SetVolumeLabelA
GetVolumeInformationA
GetLocaleInfoA
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
GetFileType
SetFileAttributesW
SetEnvironmentVariableA
lstrcmpiA
lstrcpynA
lstrlenA
CreateThread
SetThreadPriority
ResumeThread
EncodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetDriveTypeW
GetCommandLineA
IsProcessorFeaturePresent
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
GetCPInfo
SetStdHandle
GetFileInformationByHandle
FlushFileBuffers
WriteFile
GetConsoleCP
FatalAppExitA
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SetCurrentDirectoryW
GetCurrentDirectoryW
ReadConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
GetStringTypeW
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
OutputDebugStringW
GetFullPathNameW
GetFileAttributesExW
lstrlenW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
DeleteFileW
OpenFileMappingA
LocalAlloc
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DebugBreak
RaiseException
GetProcessWorkingSetSize
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
PeekNamedPipe
CreatePipe
SetHandleInformation
ReadFile
Sleep
WaitForSingleObject
TerminateProcess
OpenProcess
CreateProcessA
CloseHandle
GetLastError
GetExitCodeProcess
GetFileAttributesW
GetCurrentProcessId

user32

UnregisterClassA
CharToOemA
OemToCharA
GetClassNameA
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId

ole32

OleRun
CoCreateInstance
CoInitialize

wsock32

htons
ioctlsocket
htonl
ntohs
socket
gethostbyname
WSACleanup
WSAGetLastError
getsockopt
getsockname
inet_ntoa
closesocket
bind
WSAStartup
ntohl

advapi32

SetEntriesInAclA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
CryptGenRandom
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
IsValidSid
IsValidAcl
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorLength
AllocateAndInitializeSid
FreeSid
CryptAcquireContextA

shell32

SHGetFolderPathA

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantClear
VariantInit
GetErrorInfo
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46da8203f2774467905c5ce7900695d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

wsock32

advapi32

shell32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 587KB - Virtual size: 587KB

.data Size: 29KB - Virtual size: 567KB

.pdata Size: 59KB - Virtual size: 58KB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 587KB - Virtual size: 587KB

.data
Size: 29KB - Virtual size: 567KB

.pdata
Size: 59KB - Virtual size: 58KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 15KB