qt_startup_hook

Static task: static1

Behavioral task: behavioral1
  Sample: UEFITool.exe
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: UEFITool.exe
  Resource: win10v2004-20240802-en
General
  Target: UEFITool.exe
  Size: 14.3MB
  MD5: 935c65abc56dc707a68a277b1d14ddb8
  SHA1: 1ee439bade2e60db7bc6d86f9ffc5fc4ebd058bc
  SHA256: 4dfc9a18c005029423c8da8b3e49f5129d86de7c4e8142525f88665eabac93cc
  SHA512: aa41fac5fd5f849ad4da0b3c18b3909e1b599c5fb24127881711ac525db83bdae29de49ff858311e3d64840cbd4baa3e6f9126c5bf47d20b707c0844fcf9fef9
  SSDEEP: 393216:BAmQqstFtClCf0nZZ7S7HPbs9tVaAwpPJWWdUrnKFdu9CwJsv6tbH:BAXNg7rR
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: UEFITool.exe
Files
  UEFITool.exe.exe  windows:6  windows x64  arch:x64
  1cddfe29af065ef0b2e6f4198dde85be
Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_GUARD_CF
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
  uxtheme: GetCurrentThemeName, IsAppThemed, IsThemeActive, SetWindowTheme, GetThemePropertyOrigin,
    GetThemeTransitionDuration, OpenThemeData, GetThemeEnumValue, GetThemeInt, GetThemeBool, GetThemeColor,
    IsThemeBackgroundPartiallyTransparent, GetThemePartSize, GetThemeBackgroundRegion, ord47, CloseThemeData,
    GetThemeMargins
  d3d11: D3D11CreateDevice
  dxgi: CreateDXGIFactory2
  dcomp: DCompositionCreateDevice
  dwrite: DWriteCreateFactory
  dwmapi: DwmGetWindowAttribute, DwmSetWindowAttribute, DwmEnableBlurBehindWindow
  gdi32: GdiFlush, AddFontResourceExW, RemoveFontResourceExW, AddFontMemResourceEx, RemoveFontMemResourceEx,
    GetTextMetricsW, GetTextFaceW, GetCharABCWidthsW, GetCharABCWidthsFloatW, GetGlyphOutlineW,
    GetOutlineTextMetricsW, GetTextExtentPoint32W, GetCharWidthI, GetCharABCWidthsI, SetBkMode, SetGraphicsMode,
    SetTextColor, SetTextAlign, SetWorldTransform, CreateFontIndirectW, GetDeviceCaps, BitBlt, CreateSolidBrush,
    OffsetRgn, SetLayout, CreateCompatibleBitmap, CreateDCW, CreateBitmap, GetBitmapBits, GetObjectW,
    CreateDIBSection, SelectObject, SelectClipRgn, GetRegionData, DeleteObject, DeleteDC, CreateRectRgn,
    CreateCompatibleDC, CombineRgn, EnumFontFamiliesExW, ExtTextOutW, GetStockObject, GetDIBits, GetFontData
  imm32: ImmGetContext, ImmReleaseContext, ImmAssociateContext, ImmAssociateContextEx, ImmGetCompositionStringW,
    ImmGetOpenStatus, ImmNotifyIME, ImmSetCompositionWindow, ImmSetCandidateWindow, ImmGetDefaultIMEWnd,
    ImmGetVirtualKey
  oleaut32: SysFreeString, SysAllocString, SafeArrayCreateVector, SysStringLen, SetErrorInfo, GetErrorInfo,
    SafeArrayPutElement
  shlwapi: AssocQueryStringW
  wtsapi32: WTSQuerySessionInformationW, WTSFreeMemory
  api-ms-win-shcore-scaling-l1-1-1: GetDpiForMonitor, GetProcessDpiAwareness, SetProcessDpiAwareness
  comdlg32: GetSaveFileNameW, GetOpenFileNameW
  d3d9: Direct3DCreate9
  api-ms-win-core-synch-l1-2-0: WakeByAddressSingle, WaitOnAddress, WakeByAddressAll
  userenv: GetUserProfileDirectoryW
  advapi32: GetNamedSecurityInfoW, DuplicateToken, CopySid, AllocateAndInitializeSid, AddAccessDeniedAceEx,
    AddAccessAllowedAceEx, OpenProcessToken, RegQueryValueExW, RegOpenKeyExW, GetSidSubAuthorityCount,
    GetSidSubAuthority, RegSetValueExW, RegQueryInfoKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW,
    RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, FreeSid, LookupAccountSidW, SetSecurityDescriptorOwner,
    SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, SystemFunction036, RegCloseKey,
    InitializeSecurityDescriptor, InitializeAcl, GetTokenInformation, GetLengthSid
  authz: AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeContextFromToken,
    AuthzInitializeContextFromSid, AuthzInitializeResourceManager
  kernel32: RtlLookupFunctionEntry, HeapFree, HeapAlloc, SetStdHandle, IsValidLocale, GetConsoleOutputCP,
    ReadConsoleW, GetConsoleMode, FreeLibraryAndExitThread, VirtualAlloc, CreateMutexW, EnumSystemLocalesW,
    GetFileSizeEx, HeapReAlloc, VirtualFree, ReleaseSRWLockExclusive, AcquireSRWLockExclusive,
    WakeAllConditionVariable, SleepConditionVariableSRW, SetFileAttributesW, RtlCaptureContext, IsValidCodePage,
    GetOEMCP, SetEnvironmentVariableW, GetProcessHeap, HeapSize, WriteConsoleW, GetUserDefaultLocaleName,
    RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW,
    GetSystemTimeAsFileTime, InitializeSListHead, TryAcquireSRWLockExclusive, InitializeConditionVariable,
    WakeConditionVariable, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx,
    DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, IsProcessorFeaturePresent,
    GetVolumeInformationW, GetDriveTypeW, lstrcmpW, GetConsoleWindow, GetLongPathNameW, GetUserDefaultLangID,
    GetProcAddress, GetLastError, GetModuleHandleW, WTSGetActiveConsoleSessionId, GlobalAlloc, GlobalSize,
    GlobalUnlock, GlobalLock, GetACP, GetCurrentThreadId, CheckRemoteDebuggerPresent, CloseHandle, OpenProcess,
    ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, GetCurrentProcessId, CompareStringEx,
    GetCommandLineW, LocalFree, AllocConsole, FreeConsole, AttachConsole, OutputDebugStringW, GetSystemTime,
    GetLocalTime, QueryPerformanceCounter, QueryPerformanceFrequency, MultiByteToWideChar, WideCharToMultiByte,
    GetCurrentProcess, TerminateProcess, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW,
    GetCurrentThread, GetThreadPriority, CompareStringW, LCMapStringW, DuplicateHandle, WaitForSingleObject, Sleep,
    WaitForMultipleObjects, CreateThread, SetThreadPriority, TerminateThread, ResumeThread, TlsAlloc, TlsGetValue,
    TlsSetValue, TlsFree, GetSystemInfo, LocalAlloc, FormatMessageW, GetSystemDirectoryW, LoadLibraryExW,
    LoadLibraryW, GetCurrentPackageFullName, GetDateFormatW, GetTimeFormatW, GetCurrencyFormatW,
    GetUserDefaultLCID, GetUserPreferredUILanguages, CreateFileW, GetFileAttributesExW, GetModuleFileNameW,
    GetCurrentDirectoryW, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW, GetFileAttributesW,
    GetFileInformationByHandle, GetFullPathNameW, GetLogicalDrives, RemoveDirectoryW, SetFileTime, GetTempPathW,
    GetVolumePathNamesForVolumeNameW, SetErrorMode, DeviceIoControl, CopyFileW, MoveFileW, MoveFileExW,
    TzSpecificLocalTimeToSystemTime, FileTimeToSystemTime, SystemTimeToFileTime, GetFileInformationByHandleEx,
    FlushFileBuffers, GetFileType, ReadFile, SetEndOfFile, SetFilePointerEx, WriteFile, CreateFileMappingW,
    MapViewOfFile, UnmapViewOfFile, GetStdHandle, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetFilePointer,
    ConnectNamedPipe, CreateNamedPipeW, WaitForMultipleObjectsEx, GetExitCodeProcess, GetProcessId,
    FindCloseChangeNotification, FindFirstChangeNotificationW, FindNextChangeNotification, PeekNamedPipe,
    GetOverlappedResult, CreateThreadpoolWait, SetThreadpoolWait, WaitForThreadpoolWaitCallbacks,
    CloseThreadpoolWait, GetTimeZoneInformation, GetGeoInfoW, GetUserGeoID, FreeLibrary, GetModuleHandleExW,
    FindFirstFileExW, FindNextFileW, K32GetModuleFileNameExW, ReleaseMutex, CancelIoEx, FlsAlloc, FlsGetValue,
    ExitThread, GetCommandLineA, ExitProcess, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetLastError,
    InterlockedFlushSList, InterlockedPushEntrySList, RaiseException, RtlPcToFileHeader, RtlUnwindEx, FlsSetValue,
    GetCPInfo, GetStringTypeW, FlsFree
  netapi32: NetShareEnum, NetApiBufferFree
  ole32: OleSetClipboard, OleFlushClipboard, RegisterDragDrop, DoDragDrop, CoGetMalloc, CoUninitialize,
    CoInitializeEx, CoLockObjectExternal, ReleaseStgMedium, StringFromGUID2, CoCreateGuid, CoTaskMemFree,
    CoCreateInstance, RevokeDragDrop, OleIsCurrentClipboard, OleInitialize, OleUninitialize, OleGetClipboard
  user32: EnableNonClientDpiScaling, SetProcessDpiAwarenessContext, ChangeWindowMessageFilter,
    RegisterClipboardFormatW, GetClipboardFormatNameW, EnumDisplayDevicesW, SendMessageW, PostMessageW,
    AttachThreadInput, IsChild, ShowWindow, UpdateLayeredWindow, SetLayeredWindowAttributes, FlashWindowEx,
    MoveWindow, SetWindowPlacement, IsWindowVisible, IsIconic, SetFocus, RegisterTouchWindow,
    UnregisterTouchWindow, IsTouchWindow, GetCapture, SetCapture, ReleaseCapture, GetSystemMetricsForDpi, GetMenu,
    GetForegroundWindow, SetForegroundWindow, BeginPaint, EndPaint, GetUpdateRect, SetWindowRgn, SetWindowTextW,
    GetWindowRect, AdjustWindowRectEx, AdjustWindowRectExForDpi, SetCursor, FillRect, SetWindowLongPtrW, SetParent,
    GetWindowThreadProcessId, GetWindow, DestroyCursor, MonitorFromPoint, GetDpiForWindow, GetAncestor, LoadIconW,
    IsHungAppWindow, SetClipboardViewer, ChangeClipboardChain, AddClipboardFormatListener,
    RemoveClipboardFormatListener, SetMenu, DrawMenuBar, CreateMenu, CreatePopupMenu, DestroyMenu, InsertMenuW,
    AppendMenuW, ModifyMenuW, RemoveMenu, TrackPopupMenu, GetMenuItemInfoW, SetMenuItemInfoW,
    GetDisplayConfigBufferSizes, QueryDisplayConfig, DisplayConfigGetDeviceInfo, MonitorFromWindow, GetClassInfoW,
    EnumDisplayMonitors, GetAwarenessFromDpiAwarenessContext, SendInput, GetPointerInfo, GetKeyboardLayout,
    IsWindowEnabled, CreateCaret, DestroyCaret, ShowCaret, SetCaretPos, FindWindowA, PeekMessageW, IsZoomed,
    GetKeyState, GetKeyboardState, ToAscii, ToUnicode, MapVirtualKeyW, HiliteMenuItem, TrackPopupMenuEx,
    SetMenuDefaultItem, SetCursorPos, GetCursor, LoadCursorW, CreateCursor, CreateIconIndirect, GetIconInfo,
    GetCursorInfo, TrackMouseEvent, GetMessageExtraInfo, GetAsyncKeyState, GetTouchInputInfo,
    CloseTouchInputHandle, GetPointerType, GetPointerFrameTouchInfo, GetPointerFrameTouchInfoHistory,
    GetPointerPenInfo, GetPointerPenInfoHistory, SkipPointerFrameMessages, GetPointerDeviceRects,
    ChangeWindowMessageFilterEx, CharNextExA, TranslateMessage, DispatchMessageW, RegisterClassW, GetQueueStatus,
    MsgWaitForMultipleObjectsEx, SetTimer, SetCoalescableTimer, KillTimer, PostThreadMessageW, EnumWindows,
    RegisterDeviceNotificationW, UnregisterDeviceNotification, UnregisterClassW, GetDoubleClickTime,
    DefWindowProcW, SystemParametersInfoForDpi, MessageBoxW, GetDesktopWindow, ReleaseDC, GetDC, DestroyWindow,
    SystemParametersInfoW, GetSysColor, GetSystemMetrics, EnableMenuItem, GetSystemMenu,
    UnregisterPowerSettingNotification, RegisterPowerSettingNotification, RegisterWindowMessageW,
    GetWindowDpiAwarenessContext, GetThreadDpiAwarenessContext, LoadImageW, GetParent, GetWindowLongPtrW,
    ChildWindowFromPointEx, WindowFromPoint, ScreenToClient, ClientToScreen, GetCursorPos, GetClientRect,
    InvalidateRect, GetFocus, GetWindowPlacement, SetWindowPos, CreateWindowExW, GetKeyboardLayoutList,
    UpdateLayeredWindowIndirect, DrawIconEx, DestroyIcon, AreDpiAwarenessContextsEqual, GetMessageW,
    RegisterClassExW, GetCaretBlinkTime, MessageBeep, GetMonitorInfoW, IsWindow
  version: GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
  winmm: PlaySoundW, timeSetEvent, timeKillEvent
  ws2_32: WSAAsyncSelect
  api-ms-win-core-winrt-string-l1-1-0: WindowsCreateStringReference
  api-ms-win-core-winrt-l1-1-0: RoGetActivationFactory
  shell32: SHGetFileInfoW, ShellExecuteExW, SHGetKnownFolderPath, CommandLineToArgvW, Shell_NotifyIconGetRect,
    Shell_NotifyIconW, SHBrowseForFolderW, SHGetKnownFolderIDList, SHGetPathFromIDListW, SHGetMalloc,
    SHCreateItemFromIDList, ShellExecuteW, ord727, SHGetStockIconInfo, SHCreateItemFromParsingName
Exports
Sections
  Section   Size   Virtual size   Characteristics
  .text     9.7MB  9.7MB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata    3.6MB  3.6MB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data     169KB  271KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .pdata    465KB  464KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .qtmimed  332KB  331KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  _RDATA    512B   348B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc     32KB   32KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc    68KB   68KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ