Possibility of VM escape

Pawell
Posts: 1
Joined: 14. Mar 2019, 22:33

Post by Pawell »

Hi,
I have received an email with a file that claims to be an invoice. I supposed that it was phishing, but I wanted to avoid any debt, so I decided to use my VirtualBox machine to open the suspicious file. It was phishing; the e-mail does not affect my company.

Unfortunately, I ran this file on the VM before I scanned it on VirusTotal. No antivirus detected this file as a virus, but in the extended behaviour report this file tries to read VirtualBox registry keys.

According to the scan results, no keys were changed. There are a few possibilities:
  • The file is not malicious; the read of this key is not related to virus behaviour
  • The file is malicious, but the VM used by VirusTotal/HABO didn't use VirtualBox, so the virus didn't affect other keys. If it is a VM, the virus will try to infect Guest Additions or the host machine
  • Any other ideas?
What do you think about it? Is it possible to infect the host with a docx file like this, or is this exaggerated caution?

I could send you the full scan logs, but I'm a new user and I have to wait 1 day to receive permission to do it. If you would like to see the logs, just ask me and I'll do it tomorrow.