efihatred[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

efihatred.rar
Size

339KB
MD5

2d0955b6ebbd13898b9674e6432a7f00
SHA1

ac85158d680d528ccdbd2baec1ad23c600f190e6
SHA256

779fcb2e867f5a9dca712aca1f45fe402906aea8303ef463e6f479b2ff776dae
SHA512

d2c5bbcbdf0f06f69c99edba621824647f828a30f58ca97dd49521e44f8752558ea17e8594527f5fe0a2a37f6aa1eca3b467cb97f58a16504f7291b8883e95d2
SSDEEP

6144:DBK5KUBhsOiOjql9JYMeg+JEl9TsTi3IwmPMebHdqF9OuOIlgdkmVOZO8gP:WKUdxQJYMOuTsTi4wL6qniIuB1

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/efihatred/efi/EfiGuardDxe.efi
unpack001/efihatred/efi/boot/BOOTX64.efi
unpack001/efihatred/efi/ione.efi
unpack001/efihatred/kernel.sys

Files

efihatred.rar
.rar
efihatred/efi/EfiGuardDxe.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EfiGuardDxe.pdb

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
efihatred/efi/boot/BOOTX64.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
efihatred/efi/boot/startup.nsh
efihatred/efi/ione.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Admin\Documents\proj\xigmapper\x64\Release\efi driver.pdb

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 608B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
efihatred/kernel.sys
.sys windows:10 windows x64 arch:x64

f1b779fce1420e3923c2781f3a1debbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MADE BY NEXLEVEL- FREE ON UNKNOWNCHEATS - DO NOT SELL THIS............

Imports

ntoskrnl.exe

strstr
RtlInitUnicodeString
ExAllocatePool
ExFreePoolWithTag
ObfDereferenceObject
ObReferenceObjectByName
ZwQuerySystemInformation
IoDriverObjectType

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

PDB Paths

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 255KB - Virtual size: 254KB

.pdata Size: 1024B - Virtual size: 984B

.xdata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

Headers

File Characteristics

Sections

.text Size: 421KB - Virtual size: 421KB

.data Size: 499KB - Virtual size: 499KB

Size: 10KB - Virtual size: 10KB

.xdata Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

PDB Paths

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 608B - Virtual size: 588B

.xdata Size: 672B - Virtual size: 664B

.reloc Size: 96B - Virtual size: 88B

f1b779fce1420e3923c2781f3a1debbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 1020B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 108B

INIT Size: 512B - Virtual size: 298B

.reloc Size: 512B - Virtual size: 20B

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 255KB - Virtual size: 254KB

.pdata
Size: 1024B - Virtual size: 984B

.xdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B

.text
Size: 421KB - Virtual size: 421KB

.data
Size: 499KB - Virtual size: 499KB

.xdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 608B - Virtual size: 588B

.xdata
Size: 672B - Virtual size: 664B

.reloc
Size: 96B - Virtual size: 88B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1020B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 108B

INIT
Size: 512B - Virtual size: 298B

.reloc
Size: 512B - Virtual size: 20B