fe94fb6444ed3cfd25c4b79b71e654584987240aa1c1fba6c11557ccb4b1bb19[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

fe94fb6444ed3cfd25c4b79b71e654584987240aa1c1fba6c11557ccb4b1bb19.zip
Size

24KB
MD5

ad048b09716b2f6cd5e89d515ea29403
SHA1

42b80b19fe181432e44995396e5f5f3986e516d3
SHA256

fe94fb6444ed3cfd25c4b79b71e654584987240aa1c1fba6c11557ccb4b1bb19
SHA512

aa7d8afc8b5682c7d8e664877782af5571faba927b13929c30e042a7b4275ebfe93b7e8ef2de98f237494b6639fef3bb0102fe94c00e799cf3acac56e49bb841
SSDEEP

768:Jknbew47ir6zSPN0h6iBdzgbEbC/HkU4Kr:2Cw4ur6210bSg7Fc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AntivirusDefender7.0/bootmgfw.efi

Files

fe94fb6444ed3cfd25c4b79b71e654584987240aa1c1fba6c11557ccb4b1bb19.zip
.zip
AntivirusDefender7.0/AntivirusDefender7.0.lnk
.lnk
AntivirusDefender7.0/AntivirusDefender7.0_2.lnk
.lnk
AntivirusDefender7.0/bootmgfw.efi
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

AbsolutePointerProtocol
AcpiTableGuid
AcquireLock
AdapterDebugProtocol
AllocatePool
AllocateZeroPool
AppendDevicePath
AppendDevicePathInstance
AppendDevicePathNode
AsciiPrint
AsciiVSPrint
Atoi
BCDtoDecimal
BS
CRCTable
CalculateCrc
CatPrint
CheckCrc
CheckCrcAltSize
CloseSimpleReadFile
CompareGuid
CompareMem
CopyMem
DbgAssert
DbgPrint
DecimaltoBCD
DevPathTable
DevicePathFromHandle
DevicePathInstance
DevicePathInstanceCount
DevicePathSize
DevicePathToStr
DivU64x32
DumpHex
DuplicateDevicePath
EFIDebug
EFIDebugVariable
EfiDtbTableGuid
EfiPartTypeLegacyMbrGuid
EfiPartTypeSystemPartitionGuid
EndDevicePath
EndInstanceDevicePath
ErrorCodeTable
ErrorOutSpliterProtocol
Exit
FileDevicePath
FloatToString
FreePool
GetShellArgcArgv
GrowBuffer
GuidList
GuidToString
Hex
IInput
IPrint
IPrintAt
InitializeGlobalIoDevice
InitializeGuid
InitializeLib
InitializeLibPlatform
InitializeLock
InitializeUnicodeSupport
Input
InternalShellProtocol
Ip4Protocol
Ip4ServiceBindingProtocol
IsLocalPrint
IsValidAscii
IsValidEfiCntlChar
LShiftU64
LegacyBootProtocol
LibCreateProtocolNotifyEvent
LibDeleteVariable
LibDevicePathToInterface
LibDuplicateDevicePathInstance
LibFileInfo
LibFileSystemInfo
LibFileSystemVolumeLabelInfo
LibFwInstance
LibGetSmbiosString
LibGetSmbiosSystemGuidAndSerialNumber
LibGetSystemConfigurationTable
LibGetUiString
LibGetVariable
LibGetVariableAndSize
LibImageHandle
LibInitialized
LibInsertToTailOfBootOrder
LibInstallProtocolInterfaces
LibIsValidTextGraphics
LibLocateHandle
LibLocateHandleByDiskSignature
LibLocateProtocol
LibMatchDevicePaths
LibMemoryMap
LibOpenRoot
LibReinstallProtocolInterfaces
LibRuntimeDebugOut
LibRuntimeRaiseTPL
LibRuntimeRestoreTPL
LibSetNVVariable
LibSetVariable
LibStubMetaiMatch
LibStubStrLwrUpr
LibStubStriCmp
LibStubUnicodeInterface
LibUninstallProtocolInterfaces
MetaMatch
MetaiMatch
MpsTableGuid
MultU64x32
NullGuid
OpenSimpleReadFile
Output
PFLUSH
PGETC
PITEM
PPUTC
PSETATTR
PoolAllocationType
PoolPrint
Print
PrintAt
RShiftU64
RT
ReadPciConfig
ReadPort
ReadSimpleReadFile
ReallocatePool
ReleaseLock
RootDevicePath
RtAcquireLock
RtBCDtoDecimal
RtCompareGuid
RtCompareMem
RtConvertList
RtCopyMem
RtDecimaltoBCD
RtLibEnableVirtualMappings
RtReleaseLock
RtSetMem
RtStpCpy
RtStpnCpy
RtStrCat
RtStrCmp
RtStrCpy
RtStrLen
RtStrSize
RtStrnCat
RtStrnCpy
RtStrnLen
RtZeroMem
SMBIOS3TableGuid
SMBIOSTableGuid
ST
SalSystemTableGuid
SetCrc
SetCrcAltSize
SetMem
ShellDynamicCommandProtocolGuid
ShellParametersProtocolGuid
ShellProtocolGuid
SimplePointerProtocol
SimpleTextInputExProtocol
StatusToString
StpCpy
StpnCpy
StrCat
StrCmp
StrCpy
StrDuplicate
StrLen
StrLwr
StrSize
StrUpr
StriCmp
StrnCat
StrnCmp
StrnCpy
StrnLen
Tcp4Protocol
Tcp4ServiceBindingProtocol
TextInSpliterProtocol
TextOutSpliterProtocol
TimeToString
Udp4Protocol
Udp4ServiceBindingProtocol
UnicodeInterface
UnicodeSPrint
UnicodeToPcAnsiOrAscii
UnicodeVSPrint
UnknownDevice
UnpackDevicePath
VPoolPrint
VPrint
ValidMBR
ValueToHex
ValueToString
VariableStoreProtocol
VgaClassProtocol
WaitForEventWithTimeout
WaitForSingleEvent
WritePciConfig
WritePort
ZeroMem
_DbgOut
_IPrint
_PoolCatPrint
_PoolPrint
_Print
_SPrint
efi_call0
efi_call1
efi_call10
efi_call2
efi_call3
efi_call4
efi_call5
efi_call6
efi_call7
efi_call8
efi_call9
efi_main
gEFiUiInterfaceProtocolGuid
gEfiBlockIo2ProtocolGuid
gEfiBlockIoProtocolGuid
gEfiBusSpecificDriverOverrideProtocolGuid
gEfiComponentName2ProtocolGuid
gEfiComponentNameProtocolGuid
gEfiDebugImageInfoTableGuid
gEfiDebugSupportProtocolGuid
gEfiDeviceIoProtocolGuid
gEfiDevicePathFromTextProtocolGuid
gEfiDevicePathProtocolGuid
gEfiDevicePathToTextProtocolGuid
gEfiDevicePathUtilitiesProtocolGuid
gEfiDiskIo2ProtocolGuid
gEfiDiskIoProtocolGuid
gEfiDriverBindingProtocolGuid
gEfiDriverFamilyOverrideProtocolGuid
gEfiEbcProtocolGuid
gEfiEdidActiveProtocolGuid
gEfiEdidDiscoveredProtocolGuid
gEfiEdidOverrideProtocolGuid
gEfiFileInfoGuid
gEfiFileSystemInfoGuid
gEfiFileSystemVolumeLabelInfoIdGuid
gEfiGlobalVariableGuid
gEfiGraphicsOutputProtocolGuid
gEfiHashProtocolGuid
gEfiLoadFileProtocolGuid
gEfiLoadedImageProtocolGuid
gEfiNetworkInterfaceIdentifierProtocolGuid
gEfiPcAnsiGuid
gEfiPciIoProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gEfiPlatformDriverOverrideProtocolGuid
gEfiPxeBaseCodeCallbackProtocolGuid
gEfiPxeBaseCodeProtocolGuid
gEfiSerialIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid
gEfiSimpleNetworkProtocolGuid
gEfiSimpleTextInProtocolGuid
gEfiSimpleTextOutProtocolGuid
gEfiUnicodeCollationProtocolGuid
gEfiVT100Guid
gEfiVT100PlusGuid
gEfiVTUTF8Guid
longjmp
memcpy
memset
setjmp
strcmpa
strlena
strncmpa
xtoi

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AntivirusDefender7.0/doc.bat
AntivirusDefender7.0/power.bat

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 3KB

.rdata Size: 8KB - Virtual size: 7KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.edata Size: 7KB - Virtual size: 7KB

.idata Size: 512B - Virtual size: 24B

.reloc Size: 512B - Virtual size: 396B

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 3KB

.rdata
Size: 8KB - Virtual size: 7KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 7KB - Virtual size: 7KB

.idata
Size: 512B - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 396B