EFI[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

EFI.rar
Size

7.2MB
MD5

8679be49c2d1864f6d9b58b2670eb332
SHA1

e683790dd576b9ca8289559212772f5185749aa7
SHA256

8a75af5a5fcba3a5d8d6d05e2fcf34d986483e9420ee574ef4dcb1d25505c74f
SHA512

058afc5801c3d0ea6de3058ce1bc247a3d38af8e0e02c5d891c46aed0742617d7023a1e92ca15a2f47c5f24e4ce76eed6c778558f490e56be98e97fb1c68370d
SSDEEP

196608:O8H7Iz3ev7DOlC3CPyZxUOkUUwicqNtxeXyxT133CGj:Oo0+7SlyBxwUV+HoXs33CGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/afuefix64.efi
unpack001/amideefix64.efi
unpack001/chglogo.efi
unpack001/compress.efi
unpack001/efi/boot/bootx64.efi
unpack001/flash2.efi

Files

EFI.rar
.rar

Password: adgasdgsdgdgwsdgsw
IMAGEM3B.ROM
afuefix64.efi
.dll windows:0 windows x64 arch:x64

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amideefix64.efi
.dll windows:0 windows x64 arch:x64

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
changes.txt
chglogo.efi
.dll windows:0 windows x64 arch:x64

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
compress.efi
.dll windows:0 windows x64 arch:x64

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
efi/boot/bootx64.efi
.dll windows:0 windows x64 arch:x64

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flash2.efi
.dll windows:0 windows x64 arch:x64

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logo.nsh
.vbs
readme.txt
startup.nsh

Sharing

General

Malware Config

Signatures

Files

Password: adgasdgsdgdgwsdgsw

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

Sections

.text Size: 526KB - Virtual size: 525KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 15KB - Virtual size: 1.0MB

.pdata Size: 21KB - Virtual size: 21KB

.CRT Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 5KB

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

Sections

.text Size: 265KB - Virtual size: 264KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 76KB - Virtual size: 1.1MB

.pdata Size: 9KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 160B

.reloc Size: 6KB - Virtual size: 6KB

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 22KB - Virtual size: 22KB

Size: 2KB - Virtual size: 2KB

.xdata Size: 1KB - Virtual size: 1KB

.reloc Size: 480B - Virtual size: 480B

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

Sections

.text Size: 70KB - Virtual size: 70KB

.data Size: 30KB - Virtual size: 29KB

Size: 2KB - Virtual size: 2KB

.xdata Size: 1KB - Virtual size: 1KB

.reloc Size: 480B - Virtual size: 476B

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

Sections

.text Size: 421KB - Virtual size: 421KB

.data Size: 499KB - Virtual size: 499KB

Size: 10KB - Virtual size: 10KB

.xdata Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

Password: adgasdgsdgdgwsdgsw

Headers

File Characteristics

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 39KB - Virtual size: 39KB

Size: 2KB - Virtual size: 2KB

.xdata Size: 1KB - Virtual size: 1KB

.reloc Size: 480B - Virtual size: 480B

.text
Size: 526KB - Virtual size: 525KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 15KB - Virtual size: 1.0MB

.pdata
Size: 21KB - Virtual size: 21KB

.CRT
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 265KB - Virtual size: 264KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 76KB - Virtual size: 1.1MB

.pdata
Size: 9KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 160B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 22KB - Virtual size: 22KB

.xdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 480B - Virtual size: 480B

.text
Size: 70KB - Virtual size: 70KB

.data
Size: 30KB - Virtual size: 29KB

.xdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 480B - Virtual size: 476B

.text
Size: 421KB - Virtual size: 421KB

.data
Size: 499KB - Virtual size: 499KB

.xdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 39KB - Virtual size: 39KB

.xdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 480B - Virtual size: 480B