» VBoxTray.exe
Overview
Analysis
File Details
Behaviors (1)

VBoxTray.exe

Oracle VM VirtualBox Guest Additions

Sun Microsystems, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VBoxTray’.

File name:

VBoxTray.exe

Publisher:

Oracle Corporation (signed by Sun Microsystems, Inc.)

Product:

Oracle VM VirtualBox Guest Additions

Description:

VirtualBox Guest Additions Tray Application

Version:

3.2.10.66523

MD5:

e5a81bfc8a844f6a8f8b376c05ce2830

SHA-1:

c32c4fd48a2f7635d1e7a3ace5ef9a91084bf3ec

SHA-256:

d67b1aa53de982756cecfd60c7cdbde4b20ef52cb79dcc067ff552c7c9d63d55

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:45:29 PM UTC (a few moments ago)

File size:

1.1 MB (1,123,856 bytes)

Product version:

3.2.10.r66523

Original file name:

VBoxTray.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\vboxtray.exe

Digital Signature

Signed by:

Sun Microsystems, Inc.

Authority:

VeriSign, Inc.

Valid from:

6/11/2008 10:00:00 AM

Valid to:

6/12/2011 9:59:59 AM

Subject:

CN="Sun Microsystems, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sun Microsystems, Inc.", L=Menlo Park, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

693A64818C1E086B1B15AEE63FA054A2

File PE Metadata

Compilation timestamp:

10/9/2010 12:29:37 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:Q6TVO6x77FBKnwBqsX6py8ETkXupwfykxzdxTlabQYtCAZ7cIkKqu:NZOe7x8nlpy8Eppwfrldx5Xe7

Entry address:

0x29BF0

Entry point:

48, 83, EC, 28, E8, 37, 92, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 6C, 24, 18, 56, 41, 54, 41, 55, 48, 83, EC, 20, 4C, 8B, E9, 48, 8B, 0D, A3, 89, 0B, 00, E8, 3E, 47, 00, 00, 48, 8B, 0D, 8F, 89, 0B, 00, 48, 8B, E8, E8, 2F, 47, 00, 00, 48, 3B, C5, 48, 8B, F0, 0F, 82, B2, 00, 00, 00, 48, 8B, D8, 48, 2B, DD, 4C, 8D, 63, 08, 49, 83, FC, 08, 0F, 82, 9E, 00, 00, 00, 48, 8B, CD, 48, 89, 7C, 24, 40, E8, 82, 92, 00, 00, 49, 3B... 
[+]

Entropy:

6.3606

Code size:

293.5 KB (300,544 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

VBoxTray

Command:

C:\Windows\System32\vboxtray.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.