8afa8fb8-bd3a-4033-9f71-3d1e574708ce

BOOTX64.EFI :inline

This was provided by Red Hat Inc. and revoked Jul-20

  • UUID: 8afa8fb8-bd3a-4033-9f71-3d1e574708ce
  • Created: 2023-05-22
  • Author: Michael Haag
  • Acknowledgement: |

Download

This download link contains the Revoked Bootloader!

          1
          bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } }
        
not set
Use CasePrivilegesOperating System
Persistence64-bit
Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed bootloader files
Expand

Names

detects loading using name only

Hashes

detects loading using hashes only
Expand

Block

on hashes

Alert

on hashes

  • https://uefi.org/revocationlistfile
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca

  • CVE-2020-10713
  • CVE-2020-14308
  • CVE-2020-14309
  • CVE-2020-14310
  • CVE-2020-14311
  • CVE-2020-15705
  • CVE-2020-15706
  • CVE-2020-15707
  • Expand
    FieldValue
    ToBeSigned (TBS) MD58d8a1f204c9c80213bd427fa58b387e2
    ToBeSigned (TBS) SHA18d78e1742b948f0c8298e560dd71fe1594020386
    ToBeSigned (TBS) SHA2561bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher
    ValidFrom2018-07-03 20:53:01
    ValidTo2019-07-26 20:53:01
    Signature54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber330000002b4b79b3694d12118700010000002b
    Version3
    FieldValue
    ToBeSigned (TBS) MD51f23e75a000f0b6db92650dc26ac98e1
    ToBeSigned (TBS) SHA1bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d
    ToBeSigned (TBS) SHA2569589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
    ValidFrom2011-06-27 21:22:45
    ValidTo2026-06-27 21:32:45
    Signature350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber6108d3c4000000000004
    Version3
    Expand
    Expand
    Expand
    Expand
    Expand
    
              1
              {
            
              2
              "Certificates": [
            
              3
              {
            
              4
              "IsCertificateAuthority": false,
            
              5
              "SerialNumber": "330000002b4b79b3694d12118700010000002b",
            
              6
              "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae",
            
              7
              "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
            
              8
              "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher",
            
              9
              "TBS": {
            
              10
              "MD5": "8d8a1f204c9c80213bd427fa58b387e2",
            
              11
              "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386",
            
              12
              "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0"
            
              13
              },
            
              14
              "ValidFrom": "2018-07-03 20:53:01",
            
              15
              "ValidTo": "2019-07-26 20:53:01",
            
              16
              "Version": 3
            
              17
              },
            
              18
              {
            
              19
              "IsCertificateAuthority": true,
            
              20
              "SerialNumber": "6108d3c4000000000004",
            
              21
              "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358",
            
              22
              "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
            
              23
              "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
            
              24
              "TBS": {
            
              25
              "MD5": "1f23e75a000f0b6db92650dc26ac98e1",
            
              26
              "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d",
            
              27
              "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2"
            
              28
              },
            
              29
              "ValidFrom": "2011-06-27 21:22:45",
            
              30
              "ValidTo": "2026-06-27 21:32:45",
            
              31
              "Version": 3
            
              32
              }
            
              33
              ],
            
              34
              "CertificatesInfo": "",
            
              35
              "Signer": [
            
              36
              {
            
              37
              "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
            
              38
              "SerialNumber": "330000002b4b79b3694d12118700010000002b",
            
              39
              "Version": 1
            
              40
              }
            
              41
              ],
            
              42
              "SignerInfo": ""
            
              43
              }
            
    ...
    not set

    source

    last_updated: 2023-08-31