ThorUtil[.]efi | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ThorUtil.efi
Size

217KB
MD5

ad9de62c2ee6591f02a4e5f3fc6a5e63
SHA1

fde6563400ccf8847e4d9e0afaa4a383a33b3bd3
SHA256

54635eb00255e376445eada891bc73c53a89b198c534837585ed0c99959e9636
SHA512

7580d444fe61ac20dfb579862596e8c7f6bc37547a8a6fab1ebd74020aad239f4f0adcad29ffdc1501c0602ba3c43d73e14f8c39af0a0b3681569c8d50c94a6c
SSDEEP

3072:b5yJ0KFgjzohta1Nu38+90u7Ngg+O1L40KkhNz3O/pOzAFd/P2pn:bywm6d/g+O1LphN7V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ThorUtil.efi

Files

ThorUtil.efi
.exe windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.debug
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ