SHA256: d613f2d365424b803968ebdd7a9f9e5bb9d73d7902572828d9720274a1ce4664
File name: file_VBoxDrv.sys
Detection ratio: 0 / 55
Analysis date: 2015-11-22 13:24:50 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20151122
AegisLab 20151122
Yandex 20151121
AhnLab-V3 20151122
Alibaba 20151120
ALYac 20151122
Antiy-AVL 20151122
Arcabit 20151122
Avast 20151122
AVG 20151122
Avira (no cloud) 20151122
AVware 20151122
Baidu-International 20151122
BitDefender 20151122
Bkav 20151121
ByteHero 20151122
CAT-QuickHeal 20151121
ClamAV 20151122
CMC 20151118
Comodo 20151122
Cyren 20151122
DrWeb 20151122
Emsisoft 20151122
ESET-NOD32 20151122
F-Prot 20151122
F-Secure 20151120
Fortinet 20151122
GData 20151122
Ikarus 20151122
Jiangmin 20151121
K7AntiVirus 20151122
K7GW 20151122
Kaspersky 20151122
Malwarebytes 20151122
McAfee 20151122
McAfee-GW-Edition 20151122
Microsoft 20151122
eScan 20151122
NANO-Antivirus 20151122
nProtect 20151120
Panda 20151122
Qihoo-360 20151122
Rising 20151117
Sophos AV 20151122
SUPERAntiSpyware 20151122
Symantec 20151121
Tencent 20151122
TheHacker 20151121
TrendMicro 20151122
TrendMicro-HouseCall 20151122
VBA32 20151120
VIPRE 20151122
ViRobot 20151122
Zillya 20151121
Zoner 20151122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2009-2012 Oracle Corporation
Publisher Oracle Corporation
Product Oracle VM VirtualBox
Original name VBoxDrv.sys
Internal name VBoxDrv.sys
File version 4.1.20.80170
Description VirtualBox Support Driver
Signature verification Signed file, verified signature
Signing date 4:32 PM 8/20/2012
Signers
[+] Oracle Corporation
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 2/8/2011
Valid to 12:59 AM 2/8/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint A88FD9BDAA06BC0F3C491BA51E231BE35F8D1AD5
Serial number 51 9B D9 67 F9 08 01 55 21 A2 0C 0E 93 16 F4 89
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-20 15:32:27
Entry Point 0x00001A70
Number of sections 7
PE sections
Overlays
MD5 a7ce8122f3ce32f3ab7f1e143db73c01
File type data
Offset 150016
Size 8536
Entropy 7.33
PE imports
KfReleaseSpinLock
KfLowerIrql
KfAcquireSpinLock
ExReleaseFastMutex
ExAcquireFastMutex
KfRaiseIrql
KeGetCurrentIrql
strncmp
KeQuerySystemTime
KeQueryActiveProcessors
KeSetTimerEx
MmUnmapIoSpace
KeInitializeEvent
_allmul
KeInitializeMutex
_allrem
_alldvrm
ProbeForWrite
KeQueryTimeIncrement
MmMapLockedPagesSpecifyCache
RtlInitUnicodeString
ExCreateCallback
ZwYieldExecution
KeSetPriorityThread
strchr
DbgPrint
MmFreeContiguousMemory
ZwSetSystemInformation
IoDeleteSymbolicLink
KeSetTargetProcessorDpc
IoCreateDevice
_allshr
MmProbeAndLockPages
KeInitializeSpinLock
IoDeleteDevice
MmFreePagesFromMdl
_allshl
_aulldvrm
KeSetImportanceDpc
KeCancelTimer
KeInitializeTimerEx
KeReadStateMutex
PsGetVersion
ExAllocatePoolWithTag
IoGetCurrentProcess
MmAllocateContiguousMemory
KeGetCurrentThread
MmMapIoSpace
MmBuildMdlForNonPagedPool
IofCompleteRequest
MmGetPhysicalAddress
MmHighestUserAddress
_aulldiv
ExRegisterCallback
_alldiv
KeSetEvent
KeResetEvent
IoAllocateMdl
KeInsertQueueDpc
KeWaitForSingleObject
PsCreateSystemThread
_except_handler3
ExFreePoolWithTag
KeInitializeDpc
ProbeForRead
MmGetSystemRoutineAddress
MmAllocateContiguousMemorySpecifyCache
MmAllocatePagesForMdl
MmUnsecureVirtualMemory
KeReleaseMutex
memmove
IoCreateSymbolicLink
_aullrem
KeRemoveQueueDpc
MmSecureVirtualMemory
MmUnmapLockedPages
ExUnregisterCallback
PsGetCurrentProcessId
KeQueryInterruptTime
ObReferenceObjectByHandle
IoFreeMdl
KeDelayExecutionThread
ObfDereferenceObject
_aullshr
MmSystemRangeStart
ZwClose
memchr
MmUnlockPages
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 7
FileVersionNumber 4.1.20.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 59392
EntryPoint 0x1a70
OriginalFileName VBoxDrv.sys
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2009-2012 Oracle Corporation
FileVersion 4.1.20.80170
TimeStamp 2012:08:20 16:32:27+01:00
FileType Win32 EXE
PEType PE32
InternalName VBoxDrv.sys
ProductVersion 4.1.20.r80170
FileDescription VirtualBox Support Driver
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName Oracle Corporation
CodeSize 99840
ProductName Oracle VM VirtualBox
ProductVersionNumber 4.1.20.0
FileTypeExtension exe
ObjectFileType Driver
Compressed bundles
File identification
MD5 75639b33f31f24f9a5484582330b768f
SHA1 06d7e88f6c926eff01bff09d4c3b4d71311769a7
SHA256 d613f2d365424b803968ebdd7a9f9e5bb9d73d7902572828d9720274a1ce4664
ssdeep 3072:51l73RZRNkxCdYuC9UmZruEk7g0LX0ssVH:pdBkEds9UyrwXs
authentihash 2ab0665939a8b9ce11e0e6e875fa55945f0e2cc7d9955a5fe098d174945bca20
imphash da24598772042cbb231c4c09320c1af0
File size 154.8 KB ( 158552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay signed native
VirusTotal metadata
First submission 2013-12-16 11:30:37 UTC ( 5 years, 4 months ago )
Last submission 2015-11-22 13:24:50 UTC ( 3 years, 5 months ago )
File names file_VBoxDrv.sys
vt-upload-nR0naN
VBoxDrv.sys
VBoxDrv.sys
VBoxDrv.sys
vboxdrv.sys
VBoxDrv.sys
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications