king99

Kudos

  1. Upvote
    king99 gave kudos to itman in Malware undetected for 5 years
    My best guess is that the VirtualBox 2018 download will not install currently on Win 10/11. Assumed is the cert. for the download is SHA-1 signed. Microsoft disallowed SHA-1 certs in 2019: https://support.microsoft.com/en-us/topic/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus-64d1c82d-31ee-c273-3930-69a4cde8e64f
    I just downloaded VB ver. 7.0.8 from here: https://www.virtualbox.org/wiki/Downloads. The download is validly signed with a SHA-2 cert. Of note is the old SHA-1 cert. dating to 2014 is still shown. It is also shown as invalid due to not being validly countersigned.
    My best guess at this point is your VirtualBox 2018 download is showing as invalidly signed for the above reasons. At this point, it is impossible to determine how you downloaded a malicious version of VB.
    I suspect that Oracle cert. is for manually signing VB Win kernel modules to remove conflict w/Win 10/11 Secure Boot processing as noted here: https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4
  2. Upvote
    king99 gave kudos to itman in Malware undetected for 5 years
    A few other comments about "Dirty Moe" malware.
    It is deployed via exploiting:
    https://decoded.avast.io/martinchlumecky/dirtymoe-1/
    The VirtualBox sample referenced at VT dates to 2018. There was a vulnerability in VB at that time that was being ignored by Oracle. A researcher was so frustrated with Oracle for ignoring the vulnerability, he created his own POC exploit code and released it publicly: https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/
    Putting it all together, it appears this VB sample was altered to include either the exploit code and possibly the Dirty Moe malware code, or dropper code to download it from the attack C&C server.
    -EDIT- Forgot this "tidbit", which is why Dirty Moe is referenced as undetectable:
    https://securityintelligence.com/news/dirtymoe-botnet-returns-undetectable-threat-profile/
  3. Upvote
    king99 gave kudos to itman in Malware undetected for 5 years
    Looks like the detection was an Avast behavior based one. One possibility is this download was tampered with as indicated by the invalid signature. Also, this "Dirty Moe" malware does install a signed kernel mode mini-port driver.
  4. Upvote
    king99 gave kudos to Marcos in Malware undetected for 5 years
    To me the only difference between the original VirtualBox installer and this one with a broken signature is missing data between offset 0x4fadd1a and 0x4fbc47c. Removing some data from a file won't make it malicious.
  5. Upvote
    king99 gave kudos to itman in computrace.a is there a way to remove it
    This indicates that CompuTrace was never installed on your laptop or someone patched the BIOS.
    One possibility is if you acquired this laptop from someone else, they "patched" the BIOS to eliminate Computrace from appearing there under the mistaken assumption this actually would remove it.
  6. Upvote
    king99 gave kudos to nabeelmansoor in Scheduled Scans
    Remove the "More Tools" button and include all tools under the Tools option. The "More Tools" button just does not make sense; it's an additional unwanted click to get into additional tools.
  7. Upvote
    king99 gave kudos to Pumaferox in Scheduled Scans
    Description: Re-enable the user to sort firewall rules (e.g. in alphabetical order) in interactive mode
    Detail: When viewing the contents of a folder in Windows Explorer, the user can sort the items by any of the categories that are shown in the "Details" layout, e.g. Name, Date Modified, Type, Size etc. That possibility to sort items is essential when working with large lists. Users of the interactive firewall mode are collecting dozens of firewall items, and I found myself missing the sorting feature several times now. To me, this is an essential feature, affecting the usability of the interactive firewall mode.
    This feature has been requested way back in 2016 here: https://forum.eset.com/topic/7473-sorting-the-firewall-rules-list-by-name-date-etc/. As it seems, the list sorting feature was available in earlier versions. Please bring it back!