Boot[.]tar[.]gz

Sharing

Copy URL Twitter E-mail

General

Target

Boot.tar.gz
Size

1.5MB
MD5

fe4d2ec191e5bd5a1d30732755e5269f
SHA1

edc010dcc862fea220e96761fb12b7b05bd0ddf6
SHA256

653a235499bfdc641791ed2b745828e7c68343ae61a578d66a7e865514db1390
SHA512

c1c300378fa767170ad1c17b4798d7a13e591e47811bd61f230ec0faf20adbf9b33a7b4a01a17a0b2eddb2f0ae20502416c7d64856366b8a228230bb1fea20ee
SSDEEP

24576:mr12hdAaBdaQ4oOUf0MnHIBB6LWs3tEwN2XJcMK8GHY1tutTae8ixL7K4wAzS10t:+UdcKo/4Ws3tE5eMKHY1ktT98iVKVocy

Score

N/A

Malware Config

Signatures

Files

Boot.tar.gz
.gz
sample
.tar
BCD
BCD.LOG
BCD.LOG1
BCD{a795eb8b-d573-11ec-a98b-7cfe9091ffa1}.TM.blf
BCD{a795eb8b-d573-11ec-a98b-7cfe9091ffa1}.TMContainer00000000000000000001.regtrans-ms
BCD{a795eb8b-d573-11ec-a98b-7cfe9091ffa1}.TMContainer00000000000000000002.regtrans-ms
BOOTSTAT.DAT
Resources/bootres.dll
.dll windows x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:b8:d1:74:ca:8d:a9:f5:3a:a4:43:9d:31:49:47:6c:79:c2:4b:b0:67:9a:0e:aa:f5:30:f9:bf:da:9b:78:98
Signer

Actual PE Digest

2f:b8:d1:74:ca:8d:a9:f5:3a:a4:43:9d:31:49:47:6c:79:c2:4b:b0:67:9a:0e:aa:f5:30:f9:bf:da:9b:78:98

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/en-US/bootres.dll.mui
.dll windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:96:a8:44:fd:44:aa:76:74:3e:6e:62:80:a5:ca:fd:80:6a:58:81:3a:51:f7:ad:a4:5c:9c:86:f0:dc:5a:44
Signer

Actual PE Digest

3f:96:a8:44:fd:44:aa:76:74:3e:6e:62:80:a5:ca:fd:80:6a:58:81:3a:51:f7:ad:a4:5c:9c:86:f0:dc:5a:44

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
boot.stl
bootmgfw.efi
.dll windows x64

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:68:79:b6:e1:b8:42:76:96:3b:c4:c2:7e:55:1d:0f:b3:81:51:8b:1d:3d:52:f4:8b:5f:d8:80:54:f8:4e:31
Signer

Actual PE Digest

07:68:79:b6:e1:b8:42:76:96:3b:c4:c2:7e:55:1d:0f:b3:81:51:8b:1d:3d:52:f4:8b:5f:d8:80:54:f8:4e:31

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

msrodata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
en-US/bootmgfw.efi.mui
.dll windows x86

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:de:9f:18:64:ce:17:53:8e:04:e5:c5:9d:fd:2e:e1:c0:de:7c:fb:16:c7:d8:72:ce:55:26:03:ca:7f:1e:e1
Signer

Actual PE Digest

8a:de:9f:18:64:ce:17:53:8e:04:e5:c5:9d:fd:2e:e1:c0:de:7c:fb:16:c7:d8:72:ce:55:26:03:ca:7f:1e:e1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winsipolicy.p7b

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2f:b8:d1:74:ca:8d:a9:f5:3a:a4:43:9d:31:49:47:6c:79:c2:4b:b0:67:9a:0e:aa:f5:30:f9:bf:da:9b:78:98Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 4KB - Virtual size: 256B

.rsrc Size: 148KB - Virtual size: 146KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3f:96:a8:44:fd:44:aa:76:74:3e:6e:62:80:a5:ca:fd:80:6a:58:81:3a:51:f7:ad:a4:5c:9c:86:f0:dc:5a:44Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 3KB - Virtual size: 4KB

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

07:68:79:b6:e1:b8:42:76:96:3b:c4:c2:7e:55:1d:0f:b3:81:51:8b:1d:3d:52:f4:8b:5f:d8:80:54:f8:4e:31Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

TRANSIT Size: 512B - Virtual size: 29B

.data Size: 3KB - Virtual size: 273KB

.pdata Size: 64KB - Virtual size: 64KB

msrodata Size: 512B - Virtual size: 496B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 5KB - Virtual size: 4KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

8a:de:9f:18:64:ce:17:53:8e:04:e5:c5:9d:fd:2e:e1:c0:de:7c:fb:16:c7:d8:72:ce:55:26:03:ca:7f:1e:e1Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 66KB - Virtual size: 68KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2f:b8:d1:74:ca:8d:a9:f5:3a:a4:43:9d:31:49:47:6c:79:c2:4b:b0:67:9a:0e:aa:f5:30:f9:bf:da:9b:78:98
Signer

15/12/2022, 13:55
Valid: false

.rdata
Size: 4KB - Virtual size: 256B

.rsrc
Size: 148KB - Virtual size: 146KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3f:96:a8:44:fd:44:aa:76:74:3e:6e:62:80:a5:ca:fd:80:6a:58:81:3a:51:f7:ad:a4:5c:9c:86:f0:dc:5a:44
Signer

15/12/2022, 13:55
Valid: false

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 3KB - Virtual size: 4KB

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

07:68:79:b6:e1:b8:42:76:96:3b:c4:c2:7e:55:1d:0f:b3:81:51:8b:1d:3d:52:f4:8b:5f:d8:80:54:f8:4e:31
Signer

15/12/2022, 13:55
Valid: false

.text
Size: 2.3MB - Virtual size: 2.3MB

TRANSIT
Size: 512B - Virtual size: 29B

.data
Size: 3KB - Virtual size: 273KB

.pdata
Size: 64KB - Virtual size: 64KB

msrodata
Size: 512B - Virtual size: 496B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8a:de:9f:18:64:ce:17:53:8e:04:e5:c5:9d:fd:2e:e1:c0:de:7c:fb:16:c7:d8:72:ce:55:26:03:ca:7f:1e:e1
Signer

15/12/2022, 13:55
Valid: false

.rsrc
Size: 66KB - Virtual size: 68KB