VirtualBox-7[.]0[.]12-159484-Win[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VirtualBox-7.0.12-159484-Win.exe
Size

105.8MB
MD5

ad722a4cf47361209a0c6ed9a208a3a5
SHA1

423abd539e3217b812ce325abd646d8a64341c4a
SHA256

7706e80a4b8b86dd6561123b1c3eeca032ef134d35fa3fc32cfd70afbf3d5e90
SHA512

f45b51870fd89146338fe40ef8b87bff93ae087c582d447bf0c284b55c5d46aff495e055455f95448018335bc53f775e36488733a960f43912a2f253757a54b2
SSDEEP

786432:+KRXwSAO/nbbEuw7GHF+XtEMnS7zs0+OAMpjcQ+PQhSe+hIgXYkdpA2digjvSLLI:0SDAc0RSHY4B+MOl/dT+DPLI6EAmbx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirtualBox-7.0.12-159484-Win.exe

Files

VirtualBox-7.0.12-159484-Win.exe
.exe windows:6 windows x86 arch:x86

acd196ef0ee923b71d308feb7a3be083

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryInformationProcess
NtOpenProcess
NtProtectVirtualMemory
NtSetEvent
NtResetEvent
NtCreateEvent
NtWaitForSingleObject
NtTerminateProcess
RtlFreeUnicodeString
NtQueryDirectoryFile
RtlGetNtProductType
NtOpenDirectoryObject
NtCreateFile
NtQueryDirectoryObject
NtQueryVolumeInformationFile
NtClose
NtQueryInformationFile

kernel32

VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
SystemTimeToFileTime
GetTickCount
GetSystemTime
OutputDebugStringA
GetCommandLineW
TlsSetValue
TlsGetValue
CloseHandle
GetLastError
SetLastError
CreateMutexW
GetCurrentProcess
FindResourceExW
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
LocalFree
FormatMessageW
AllocConsole
FreeConsole
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetStdHandle
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetFileType
ReadFile
SetEndOfFile
SetFilePointer
LoadLibraryExA
WriteFile
DeviceIoControl
GetCurrentProcessId
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
Sleep
GetCurrentThreadId
TerminateProcess
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
GetSystemDirectoryW
RaiseException
GetCurrentThread
TlsAlloc

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105.4MB - Virtual size: 105.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acd196ef0ee923b71d308feb7a3be083

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 3KB - Virtual size: 17KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 105.4MB - Virtual size: 105.4MB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 3KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 105.4MB - Virtual size: 105.4MB

.reloc
Size: 10KB - Virtual size: 10KB