Gridinsoft Logo

BOOTX64.EFI Trojan Heuristic Analysis

Updated 1 year ago
Checked by Malware Check
BOOTX64.EFI

Technical Analysis

File Name BOOTX64.EFI
File Type
PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
Scanner Version 1.0.179.174
Database Version 2024-06-14 02:00:26 UTC

Trojan.Heur!.0001A1AF

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
934,024
File Size (bytes)
2024-06-14
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
8628f48c5d38765c52418242dbe5c981
SHA1
8fd74db62ca9bf83e14837ad5c7a925732ce5403
SHA256
5acea78ea3b73d67039e6feb1e0465e7291b999066f3fbe923f58c58e78d1ea7
SHA512
ce630b363aa7f2a960f39da70b53ed1251fafdc7bbe5228bf397258b84d0fe7b615df51ca5c0c2d258f66075180cd43cd94d140ea8d85f8d1d88f49515cf39a6

PE Analysis

Basic Information

Image Base 0x00000000
Entry Point 0x00022000
Compilation Time 1970-01-01 00:00:00
Checksum 0x000eb819 (Actual: 0x000f0dea)
OS Version 0.0
PEiD Signatures PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
Digital Signature Chain verification from [email protected], O=openSUSE Project, L=Nuremberg, C=DE, CN=openSUSE Secure Boot Signkey (serial:18068117070991220324, sha1:bdd31a9e0f7ed312768465e6578e0dc000644616) failed: Unable to build a validation path for the certificate "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot Signkey" - no issuer matching "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot CA" was found
Imports 0
Exports 0 functions
Resources 0 Resources
Sections 9 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
/4 0x00005000 117,372 bytes 117,760 bytes 5.05 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_8BYTES 72EB66F12D4C4A5F00871DC55345EC18
.text 0x00022000 379,321 bytes 379,392 bytes 6.37 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES 4812AC382A9F9B4E6305194FB8412F4D
.reloc 0x0007f000 10 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES 0C45F6D812D079821C1D54C09AB89E1D
/14 0x00080000 107 bytes 512 bytes 1.77 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES 4A9C0E1E087EABA1EE304195993BB2DD
.data 0x00081000 179,640 bytes 179,712 bytes 4.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES 5B0004C520FE2CA7E6B471C301377E7B
/26 0x000ad000 6,284 bytes 6,656 bytes 7.24 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES 27662B1C8B6F123C8B8CAEBAB249A64D
.dynamic 0x000af000 256 bytes 512 bytes 0.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES AAA5D1E8B1659AF0350B16B07750A137
.rela 0x000b0000 111,312 bytes 111,616 bytes 2.58 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_8BYTES D6E6AC55DA5A42FBB00415A907FACBB0
.sbat 0x000cc000 205 bytes 512 bytes 2.88 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES 6A0888BD56C49624DE35E6BAEB9CAE1F
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Chain verification from [email protected], O=openSUSE Project, L=Nuremberg, C=DE, CN=openSUSE Secure Boot Signkey (serial:18068117070991220324, sha1:bdd31a9e0f7ed312768465e6578e0dc000644616) failed: Unable to build a validation path for the certificate "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot Signkey" - no issuer matching "Email Address: [email protected], Organization: openSUSE Project, Locality: Nuremberg, Country: DE, Common Name: openSUSE Secure Boot CA" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.0001A1AF Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.0001A1AF without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware