EFI[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EFI.zip
Size

181.3MB
MD5

7188e010d14d844aa9160b4d9fede11a
SHA1

4222c9b25e245ed20112fb0518ee14ede665e86e
SHA256

531138f1aa972b777ad97eee071f87039d7c63ffa0f2b8ab32f6be127e96b059
SHA512

ce7c6d0da5a0dffbd0ff3d02f1dbadb3ff3f93eda0d94e85b063c04fb268f8a6d6f89f66de89f0bbf247d876f0e7db073ca2cfafecf29938dd410fa9a01dbfd4
SSDEEP

3145728:a7Zg/Y+E8umHi9yOs38248ffVpTxtiKyRtrwhQJhHIWthTEDI0Iha37YdwMLQCI:aJKi9gHfnfybwhkDilIhaXMLTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EFI/boot/bootx64.efi
unpack001/EFI/boot/vmlinuz

Files

EFI.zip
.zip
EFI/VentoyLiveCD
EFI/boot/boot.cat
EFI/boot/bootx64.efi
.exe windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mods
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EFI/boot/cdrom.img
EFI/boot/efi.img
EFI/boot/grub.cfg
EFI/boot/initrd
EFI/boot/vmlinuz
.exe windows:6 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 10.7MB - Virtual size:

IMAGE_SCN_CNT_CODE

��
Size: 58.5MB - Virtual size:

Size: - Virtual size:

Size: - Virtual size: