VirtualBox-6[.]1[.]16-140961-OSX[.]dmg

Sharing

Copy URL Twitter E-mail

General

Target

VirtualBox-6.1.16-140961-OSX.dmg
Size

118.5MB
MD5

934d9fb7514e6b056757ad6f09584f53
SHA1

e7a8e8a1a8c0f37387c7d7d0f57cb4d9310c3b38
SHA256

d7df0f05d9a9e7cba50ea01da264ac20948b1c9c0e0cccd2d628085c9f434d45
SHA512

3f5f7c2be43100f39a7bff90caae7e5ffdd728f767d133961b82f128ea381a05aa2850695fb93d0763940cb98c8a0e862250dfc8853b31cd69937342b4176ce9
SSDEEP

1572864:elpZmBsRbW7a/U1re2gs3ex+QodDW/D1ENyw1z7TPR0QbavT0DREAt/huT70JynY:wfRv/AeCX9MDuN3JR1DREU/YnnyJ

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/VirtualBox/UserManual.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

VirtualBox-6.1.16-140961-OSX.dmg
.dmg .bz2 macos
VirtualBox/.DS_Store
VirtualBox/.background/vbox_folder.tiff
VirtualBox/.journal
VirtualBox/.journal_info_block
VirtualBox/UserManual.pdf
.pdf
- https://docs.oracle.com/en/virtualization/virtualbox/index.html
- http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc
- http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info
- http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs
- http://www.virtualbox.org
- https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#How
- https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm
- https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/importingcustomimagelinux.htm
- http://www.python.org/download/windows/
- http://downloadcenter.intel.com/Product_Filter.aspx?ProductID=2101
- http://www.linux-kvm.org/page/WindowsGuestDrivers
- http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking
- http://www.virtualbox.org/wiki/VBoxLogging
- https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
- http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html
- http://www.virtualbox.org/wiki/Core_dump
- http://www.virtualbox.org/wiki/Network_tips
- http://downloads.openwatcom.org/ftp/devel/docs/elf-64-gen.pdf
- http://support.microsoft.com/kb/154501
- http://www.mail-archive.com/[email protected]/msg30813.html
- http://www.grsecurity.net/
- https://www.virtualbox.org/wiki/Changelog
- http://etherboot.sourceforge.net/clinks.html
- http://www.cs.fsu.edu/~engelen/soaplicense.html
- https://www.oracle.com/legal/privacy/privacy-policy.html
- https://docs.oracle.com/en/virtualization/virtualbox/index.htmlConventionsThefollowingtextconventionsareusedinthisdocument:
- http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.AccesstoOracleSupportOraclecustomersthathavepurchasedsupporthaveaccesstoelectronicsupportthroughMyOracleSupport.Forinformation,visithttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=infoorvisithttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=trsifyouarehearingimpaired.i
- http://www.python.org/download/windows/.Note:Pythonversionatleast2.6isrequired.Python3isalsosupported.33
- http://050.run
- http://050VirtualBox.run
- http://VirtualBox.run
- http://002lesarecontainedinVirtualBox.tar.bz
- http://VirtualBox.tar.bz
- http://vboxdrv.sh/sbin/rcvboxdrvThisexampleassumesyouinstalledOracleVMVirtualBoxtothe/opt/VirtualBoxdirectory.Createacon
- http://VBox.sh/usr/bin/VirtualBoxln-sf/opt/VirtualBox/VBox.sh/usr/bin/VBoxManageln-sf/opt/VirtualBox/VBox.sh/usr/bin/VBoxHeadless2.3.3.4UpdatingandUninstallingOracleVMVirtualBoxBeforeupdatingoruninstallingOracleVMVirtualBox,youmustterminateanyvirtualmachineswhicharecurrentlyrunningandexittheOracleVMVirtualBoxorVBoxSVCapplications.ToupdateOracleVMVirtualBox,simplyruntheinstalleroftheupdatedversion.TouninstallOracleVMVirtualBox,runtheinstallerasfollows:sudo./VirtualBox.rununinstallAsroot,youcanusethefollowingcommand:./VirtualBox.rununinstallYoucanuninstallthe.runpackageasfollows:/opt/VirtualBox/uninstall.shTomanuallyuninstallOracleVMVirtualBox,performthemanualinstallationstepsinreverseorder.2.3.3.5AutomaticInstallationofDebianPackagesTheDebianpackageswillrequestsomeuserfeedbackwheninstalledforthe
- http://VBoxLinuxAdditions.run
- http://uninstall.sh
- http://downloadcenter.intel.com/Product_Filter.aspx?ProductID=2101.ToaddaSATAcontrollertoamachineforwhichithasnotbeenenabledbydefault,eitherbecauseitwascreatedbyanearlierversionofOracleVMVirtualBox,orbecauseSATAisnotsupportedbydefaultbytheselectedguestOS,dothefollowing.GototheStoragepageofthemachine'sSettingsdialog,clickAddControllerundertheStorageTreeboxandthenselectAddSATAController.ThenewcontrollerappearsasaseparatePCIdeviceinthevirtualmachine,andyoucanaddvirtualdiskstoit.TochangetheIDEcompatibilitymodesettingsfortheSATAcontroller,seechapter8.18,VBoxManagestoragectl,page174.
- http://www.linux-kvm.org/page/WindowsGuestDrivers.OracleVMVirtualBoxalsohaslimitedsupportforjumboframes.Thesearenetworkingpacketswithmorethan1500bytesofdata,providedthatyouusetheIntelcardvirtualizationandbridgednetworking.JumboframesarenotsupportedwiththeAMDnetworkingdevices.Inthosecases,jumbopacketswillsilentlybedroppedforboththetransmitandthereceivedirection.Guestoperatingsystemstryingtousethisfeaturewillobservethisasapacketloss,whichmayleadtounexpectedapplicationbehaviorintheguest.Thisdoesnotcauseproblemswithguestoperatingsystemsintheirdefaultcon
- http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking.6.10LimitingBandwidthforNetworkInput/OutputOracleVMVirtualBoxsupportslimitingofthemaximumbandwidthusedfornetworktransmis-sion.SeveralnetworkadaptersofoneVMmaysharelimitsthroughbandwidthgroups.Itispossibletohavemorethanonesuchlimit.Note:OracleVMVirtualBoxshapesVMtraf
- http://www.win.tue.nl/~aeb/linux/kbd/scancodes-1.html.
- http://www.virtualbox.org/wiki/VBoxLogging.proxymodeCon
- http://vmname.myguest.virtualbox.org
- http://ifsupportedbythehostOS.com
- http://002xeachloglinewiththeIDofthecurrentCPU.pid
- http://usethe--with-autologonoptionwhenstartingtheVBoxLinuxAdditions.run
- http://.fb.org
- http://noSelectorDonotallowuserstostarttheVirtualBoxManager.Tryingtodosowillshowawindowcontainingapropererrormessage.noMenuBarVMwindowswillnotcontainamenubar.no
- https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html.9.19OracleVMVirtualBoxWatchdogThememoryballooningservice,formerlyknownasVBoxBalloonCtrl,wasrenamedtoVBoxWatchdog.Thisservicenowincorporatesthefollowinghostservicesthataremeanttoberuninaserverenvironment:
- http://VirtualBox.app/Contents/MacOS/org.virtualbox.vboxautostart.plist.Toenabletheservicecopythe
- http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html.285
- http://www.virtualbox.org/wiki/Core_dump.YoucanalsouseVBoxManagedebugvmtocreateadumpofacompletevirtualmachine.Seechapter8.43,VBoxManagedebugvm,page223.Fornetworkrelatedproblems,itisoftenhelpfultocaptureatraceofnetworktraf
- http://www.virtualbox.org/wiki/Network_tips.Thetrace
- http://downloads.openwatcom.org/ftp/devel/docs/elf-64-gen.pdf.TheoveralllayoutoftheVMcoreformatisasfollows:[ELF64Header][ProgramHeader,typePT_NOTE]!offsettoCOREDESCRIPTOR[ProgramHeader,typePT_LOAD]-oneforeachcontiguousphysicalmemoryrange!Memoryoffsetofrange!Fileoffset[NoteHeader,typeNT_VBOXCORE][COREDESCRIPTOR]!Magic!VMcorefileversion!VBoxversion!NumberofvCPUsetc.[NoteHeader,typeNT_VBOXCPU]-oneforeachvCPU[vCPU1NoteHeader][DBGFCORECPU-vCPU1dump][AdditionalNotes+Data]-currentlyunused[Memorydump]315
- http://002esthedisk.is
- http://support.microsoft.com/kb/154501.12.3.11Windows3.xLimitedto64MBRAMWindows3.xguestsaretypicallylimitedto64MBRAM,evenifaVMisassignedmuchmorememory.WhileWindows3.1istheoreticallycapableofusingupto512MBRAM,itonlyusesmemoryavailablethroughtheXMSinterface.VersionsofHIMEM.SYS,theMicrosoftXMSman-ager,shippedwithMS-DOSandMicrosoftWindows3.xcanonlyuseupto64MBonstandardPCs.ThisisaknownHIMEM.SYSlimitation.Windows3.1memorylimitsaredescribedindetailinMicrosoftKnowledgebasearticleKB84388.ItispossibleforWindows3.xgueststoutilizemorethan64MBRAMifadifferentXMSproviderisused.ThatcouldbeanewerHIMEM.SYSversion,suchasthatshippedwithWindows98,oramorecapablethird-partymemorymanager,suchasQEMM.320
- http://www.mail-archive.com/[email protected]/msg30813.htmlfordetailsaboutthekernel
- http://www.grsecurity.net/,andderivateshavetodisablePAX_MPROTECTfortheVBoxbinariestobeabletostartaVM.ThereasonisthatOracleVMVirtualBoxhastocreateexecutablecodeonanonymousmemory.12.7.7LinuxKernelvmallocPoolExhaustedWhenrunningalargenumberofVMswithalotofRAMonaLinuxsystem,say20VMswith1GBofRAMeach,additionalVMsmightfailtostartwithakernelerrorsayingthatthevmallocpoolisexhaustedandshouldbeextended.Theerrormessagealsotellsyoutospecifyvmalloc=256MBinyourkernelparameterlist.IfaddingthisparametertoyourGRUBorLILOcon
- http://134DG_Readiness_Tool_vX.X.ps
- https://www.virtualbox.org/wiki/Changelog.342
- http://cryptsoft.com
- http://schmorp.de
- http://fensystems.co.uk
- http://libgd.org
- http://cendio.se
- http://050www.freetype.org
- http://www.mozilla.org/MPL/SoftwaredistributedundertheLicenseisdistributedonan
- http://alumni.caltech.edu
- http://www.cs.fsu.edu/~engelen/soaplicense.html.SoftwaredistributedundertheLicenseisdistributedonan
- http://llnl.gov
- http://haxx.se
- http://lucent.com
- http://ltmain.sh
- http://cam.ac.uk
- http://freemail.hu
- http://003tk.org/str.php2.WidgetsthataresubclassedfromFLTKwidgetsdonotconstituteaderivativework.3.StaticlinkingofapplicationsandwidgetstotheFLTKlibrarydoesnotconstituteaderiva-tiveworkanddoesnotrequiretheauthortoprovidesourcecodefortheapplicationorwidget,usethesharedFLTKlibraries,orlinktheirapplicationsorwidgetsagainstauser-suppliedversionofFLTK.Ifyoulinktheapplicationorwidgettoamodi
- http://003tk.org
- http://nongnu.org
- http://www.freetype.org
- https://datatracker.ietf.org/ipr/1524/MicrosoftCorporation:https://datatracker.ietf.org/ipr/1914/BroadcomCorporation:https://datatracker.ietf.org/ipr/1526/16.2.31FUSEformacOSLicenseCopyright
- https://www.oracle.com/legal/privacy/privacy-policy.htmlapplytoyourpersonaldatacollectedandusedbyOracle.ThefollowingprivacyinformationdescribesinmoredetailwhichinformationisexchangedbetweentheOracleVMVirtualBoxapplicationandOracle,andwhichinformationiscollectedbythevirtualbox.orgwebsite.
- http://2471virtualbox.org
- http://223virtualbox.org
- https://www.oracle.com/legal/privacy/privacy-policy.htmlandtheprivacyinforma-tionwillbekeptuptodateinthedocumentationwhichcomeswiththeOracleVMVirtualBoxap-plication.Youshouldchecktheseplacesoccasionallytoensureyouarehappywithanychanges.382
- Show all
VirtualBox/VirtualBox.pkg
.pkg macos
VirtualBox/VirtualBox_Uninstall.tool
.sh linux