| 文件名 | BOOTX64.EFI |
| 文件类型 |
PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.179.174 |
| 数据库版本 | 2024-06-14 02:00:26 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
8628f48c5d38765c52418242dbe5c981
|
|
| SHA1 |
8fd74db62ca9bf83e14837ad5c7a925732ce5403
|
|
| SHA256 |
5acea78ea3b73d67039e6feb1e0465e7291b999066f3fbe923f58c58e78d1ea7
|
|
| SHA512 |
ce630b363aa7f2a960f39da70b53ed1251fafdc7bbe5228bf397258b84d0fe7b615df51ca5c0c2d258f66075180cd43cd94d140ea8d85f8d1d88f49515cf39a6
|
| 映像基址 | 0x00000000 |
| 入口点 | 0x00022000 |
| 编译时间 | 1970-01-01 00:00:00 |
| 校验和 | 0x000eb819 (实际: 0x000f0dea) |
| 操作系统版本 | 0.0 |
| PEiD 签名 |
PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
|
| 数字签名 | Chain verification from [email protected], O=openSUSE Project, L=Nuremberg, C=DE, CN=openSUSE Secure Boot Signkey (serial:18068117070991220324, sha1:bdd31a9e0f7ed312768465e6578e0dc000644616) failed: Unable to build a validation path for the certificate "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot Signkey" - no issuer matching "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot CA" was found |
| 导入 | 0 |
| 导出 | 0 函数 |
| 资源 | 0 资源 |
| 节 | 9 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
/4 |
0x00005000 |
117,372 bytes | 117,760 bytes | 5.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_8BYTES
|
72EB66F12D4C4A5F00871DC55345EC18 |
.text |
0x00022000 |
379,321 bytes | 379,392 bytes | 6.37 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
4812AC382A9F9B4E6305194FB8412F4D |
.reloc |
0x0007f000 |
10 bytes | 512 bytes | 0.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
0C45F6D812D079821C1D54C09AB89E1D |
/14 |
0x00080000 |
107 bytes | 512 bytes | 1.77 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
4A9C0E1E087EABA1EE304195993BB2DD |
.data |
0x00081000 |
179,640 bytes | 179,712 bytes | 4.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
5B0004C520FE2CA7E6B471C301377E7B |
/26 |
0x000ad000 |
6,284 bytes | 6,656 bytes | 7.24 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
27662B1C8B6F123C8B8CAEBAB249A64D |
.dynamic |
0x000af000 |
256 bytes | 512 bytes | 0.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES
|
AAA5D1E8B1659AF0350B16B07750A137 |
.rela |
0x000b0000 |
111,312 bytes | 111,616 bytes | 2.58 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_8BYTES
|
D6E6AC55DA5A42FBB00415A907FACBB0 |
.sbat |
0x000cc000 |
205 bytes | 512 bytes | 2.88 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
6A0888BD56C49624DE35E6BAEB9CAE1F |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Chain verification from [email protected], O=openSUSE Project, L=Nuremberg, C=DE, CN=openSUSE Secure Boot Signkey (serial:18068117070991220324, sha1:bdd31a9e0f7ed312768465e6578e0dc000644616) failed: Unable to build a validation path for the certificate "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot Signkey" - no issuer matching "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot CA" was found
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
