EFI SPOOFER By Guts[.]zip

General

Target

EFI SPOOFER By Guts.zip
Size

299KB
MD5

684779602fdf9066c05ba5bb3e2b1a6a
SHA1

b56c5595138e3671c577647ef08843dfc08724b3
SHA256

ca997b879d39aa54d941268d651a7af6792b2344b3527b9dcda55a27312f497f
SHA512

fa863ecaa7d76a19c2003242c8aa57992ba2b9da605a289249ac4cfbb93d3e34d052ab37274cc420d243e381fcc2665c251714191f0d97f87631f1d0cf485b1e
SSDEEP

6144:DjNFHguxwaJLBzZwrgIwTbqM7qSwZ0YkRN3CNVqQIiQEoQ7Ay5w:DnzKrgNqkfpYkjZQxX7Agw

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EFI SPOOFER/EFI/Boot/bootx64.efi
unpack001/EFI SPOOFER/rainbow.efi

Files

EFI SPOOFER By Guts.zip
.zip
EFI SPOOFER/EFI/Boot/bootx64.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EFI SPOOFER/rainbow.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\human\Documents\Projects\rainbow\VisualUefi\rainbow\x64\Release\rainbow.pdb

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 398KB - Virtual size: 398KB

.data Size: 498KB - Virtual size: 497KB

Size: 9KB - Virtual size: 9KB

.xdata Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

PDB Paths

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 928B - Virtual size: 912B

.xdata Size: 512B - Virtual size: 488B

.reloc Size: 96B - Virtual size: 88B

.text
Size: 398KB - Virtual size: 398KB

.data
Size: 498KB - Virtual size: 497KB

.xdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 928B - Virtual size: 912B

.xdata
Size: 512B - Virtual size: 488B

.reloc
Size: 96B - Virtual size: 88B