vboxwrapper_2019052101_windows_x86_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vboxwrapper_2019052101_windows_x86_64.exe
Size

2.1MB
MD5

65b37d64ce81750e8e8b042f250082e4
SHA1

46307b37292108efb712a93eb9050e5b725b6768
SHA256

835d0eb8497e97628ae3c1c94439ca68c7c3337e7893b47e3878aa4027dae620
SHA512

1aa1f79f8970f800bbc5b6e52938b1412f0a6f7cf271f2a963da78dd3b9173ddfca6d5effe17e9bdc84c01289af2b1faec2877b28d7871f8e3163fb3f95ddae9
SSDEEP

49152:g++UbT7rB4bSGatRO3hg9XNC9VWPsh8HXUwD/:lYatR5XHX

Score

1^/10

Malware Config

Signatures

Files

vboxwrapper_2019052101_windows_x86_64.exe
.exe windows x64

8564594514deba5707b859f90920b547

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/01/2019, 00:00

Not After

02/01/2021, 23:59

Subject

CN=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),O=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),POSTALCODE=02139,STREET=42 Maple Ave #3,L=Cambridge,ST=MA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:70:e3:9c:ca:54:d3:1e:41:0d:83:98:fc:32:5c:30:b2:47:76:27
Signer

Actual PE Digest

58:70:e3:9c:ca:54:d3:1e:41:0d:83:98:fc:32:5c:30:b2:47:76:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentThread
GetThreadTimes
GetSystemTimeAsFileTime
CreateMutexA
CreateFileA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FindClose
GetTempFileNameA
GetDiskFreeSpaceExA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileExA
LocalFree
FormatMessageW
ExpandEnvironmentStringsA
SetCurrentDirectoryA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetVersionExA
GetCurrentProcess
OpenThread
GetThreadContext
SuspendThread
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
OutputDebugStringA
FreeLibrary
SetLastError
LoadLibraryA
GetModuleFileNameA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetVersion
GetStdHandle
SetFilePointer
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetDriveTypeA
GetFullPathNameA
SetFileAttributesA
SetVolumeLabelA
GetVolumeInformationA
GetLocaleInfoA
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
GetFileType
SetFileAttributesW
SetEnvironmentVariableA
lstrcmpiA
lstrcpynA
lstrlenA
CreateThread
SetThreadPriority
ResumeThread
EncodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetDriveTypeW
GetCommandLineA
IsProcessorFeaturePresent
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
GetCPInfo
SetStdHandle
GetFileInformationByHandle
FlushFileBuffers
WriteFile
GetConsoleCP
FatalAppExitA
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SetCurrentDirectoryW
GetCurrentDirectoryW
ReadConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
GetStringTypeW
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
OutputDebugStringW
GetFullPathNameW
GetFileAttributesExW
lstrlenW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
DeleteFileW
OpenFileMappingA
LocalAlloc
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DebugBreak
RaiseException
GetProcessWorkingSetSize
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
PeekNamedPipe
CreatePipe
SetHandleInformation
ReadFile
Sleep
WaitForSingleObject
TerminateProcess
OpenProcess
CreateProcessA
CloseHandle
GetLastError
GetExitCodeProcess
GetFileAttributesW
GetCurrentProcessId

user32

UnregisterClassA
CharToOemA
OemToCharA
GetClassNameA
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId

ole32

OleRun
CoCreateInstance
CoInitialize

wsock32

htons
ioctlsocket
htonl
ntohs
socket
gethostbyname
WSACleanup
WSAGetLastError
getsockopt
getsockname
inet_ntoa
closesocket
bind
WSAStartup
ntohl

advapi32

SetEntriesInAclA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
CryptGenRandom
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
IsValidSid
IsValidAcl
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorLength
AllocateAndInitializeSid
FreeSid
CryptAcquireContextA

shell32

SHGetFolderPathA

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantClear
VariantInit
GetErrorInfo
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8564594514deba5707b859f90920b547

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

58:70:e3:9c:ca:54:d3:1e:41:0d:83:98:fc:32:5c:30:b2:47:76:27Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

wsock32

advapi32

shell32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 540KB - Virtual size: 540KB

.data Size: 29KB - Virtual size: 511KB

.pdata Size: 55KB - Virtual size: 55KB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

58:70:e3:9c:ca:54:d3:1e:41:0d:83:98:fc:32:5c:30:b2:47:76:27
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 540KB - Virtual size: 540KB

.data
Size: 29KB - Virtual size: 511KB

.pdata
Size: 55KB - Virtual size: 55KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 14KB