| 文件名 | bootx64.efi |
| 文件类型 |
PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.221.174 |
| 数据库版本 | 2025-07-21 05:00:28 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
c661c777be57e43cc5f5ab426e3623d1
|
|
| SHA1 |
e4943f42d947235a4a93b7a7c22fc830f6268c73
|
|
| SHA256 |
4f5c118a947b3af976ff6b5df05a46c7c2d1d77c0c8199e8ff81397566452e5b
|
|
| SHA512 |
117ee80d4f9d7d0945efaf84bff333a698799d4c3b147c2bf03d24fb10af9dbc5c4388edac3d0450e01284f9fe4b1f664d11f2d70cd9fa8f4e60077d548ea482
|
| 映像基址 | 0x00000000 |
| 入口点 | 0x00023000 |
| 编译时间 | 1970-01-01 00:00:00 |
| 校验和 | 0x000e5cd1 (实际: 0x000f156e) |
| 操作系统版本 | 0.0 |
| PEiD 签名 |
PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
|
| 数字签名 | Chain verification from [email protected], OU=Build Team, O=SUSE Linux Products GmbH, L=Nuremberg, C=DE, CN=SUSE Linux Enterprise Secure Boot Signkey (serial:14626765626405128578, sha1:76b6a6a0b22bccb13f465f7c489e7939fde09e83) failed: Unable to build a validation path for the certificate "Email Address: [email protected], Organizational Unit: Build Team, Organization: SUSE Linux Products GmbH, Locality: Nuremberg, Country: DE, Common Name: SUSE Linux Enterprise Secure Boot Signkey" - no issuer matching "Email Address: [email protected], Organizational Unit: Build Team, Organization: SUSE Linux Products GmbH, Locality: Nuremberg, Country: DE, Common Name: SUSE Linux Enterprise Secure Boot CA" was found |
| 导入 | 0 |
| 导出 | 0 函数 |
| 资源 | 0 资源 |
| 节 | 10 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
/4 |
0x00005000 |
121,564 bytes | 121,856 bytes | 5.10 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A026FA65067B52535AF22024C92498A7 |
.text |
0x00023000 |
394,081 bytes | 394,240 bytes | 6.37 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AA4225F42EEAEA28A7D39DE88651C2D5 |
.reloc |
0x00084000 |
10 bytes | 512 bytes | 0.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
0C45F6D812D079821C1D54C09AB89E1D |
/14 |
0x00085000 |
107 bytes | 512 bytes | 1.79 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2BCDC2ED3C80C91E1B51AE5626936A0A |
/26 |
0x00086000 |
106 bytes | 512 bytes | 1.48 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8CAC229FB51C28086FA5221ECF848C12 |
.data |
0x00087000 |
187,160 bytes | 187,392 bytes | 4.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
14412CC5659439CAE5BA341778A08A65 |
/37 |
0x000b5000 |
7,618 bytes | 7,680 bytes | 7.37 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C040A53DBB363B76BEA4E28F5286573E |
.dynamic |
0x000b7000 |
256 bytes | 512 bytes | 0.48 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BDF77E6B18EEC54C2A97C9C4645DB38D |
.rela |
0x000b8000 |
111,672 bytes | 112,128 bytes | 2.60 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
14C267D20193D5C44967DDA1399D86F9 |
.sbat |
0x000d4000 |
196 bytes | 512 bytes | 2.79 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BDB18CB7433EB152AB60E36EC35CC310 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Chain verification from [email protected], OU=Build Team, O=SUSE Linux Products GmbH, L=Nuremberg, C=DE, CN=SUSE Linux Enterprise Secure Boot Signkey (serial:14626765626405128578, sha1:76b6a6a0b22bccb13f465f7c489e7939fde09e83) failed: Unable to build a validation path for the certificate "Email Address: [email protected], Organizational Unit: Build Team, Organization: SUSE Linux Products GmbH, Locality: Nuremberg, Country: DE, Common Name: SUSE Linux Enterprise Secure Boot Signkey" - no issuer matching "Email Address: [email protected], Organizational Unit: Build Team, Organization: SUSE Linux Products GmbH, Locality: Nuremberg, Country: DE, Common Name: SUSE Linux Enterprise Secure Boot CA" was found
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
