8b88b928-4717-4a30-832e-dcb3bb15b7a3

bootia32.efi

Description

This was provided by Isoo Software Dev Co Ltd and revoked Jul-20

UUID: 8b88b928-4717-4a30-832e-dcb3bb15b7a3
Created: 2023-05-22
Author: Michael Haag
Acknowledgement: |

This download link contains the Revoked Bootloader!

Commands


          1
          bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } }

not set

Use Case	Privileges	Operating System
Persistence		32-bit

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed bootloader files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources

https://uefi.org/revocationlistfile

https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca

CVE

Known Vulnerable Samples

Property	Value
Filename	bootia32.efi
MD5	b1aea18419d0643fb2e4d8f6da2ae461
SHA1	3085f38227977dce8dac3b29c92b0103e5b5eae8
SHA256	56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba
Authentihash MD5	40b8a117af84ea3225963daf421eccb3
Authentihash SHA1	99823dd47cfe71774cb0fcc687fa1da921b6240b
Authentihash SHA256	bd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626
RichPEHeaderHash MD5	ffdf660eb1ebf020a1d0a55a90712dfb
RichPEHeaderHash SHA1	3e905e3d061d0d59de61fcf39c994fcb0ec1bab3
RichPEHeaderHash SHA256	2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6

Certificates

Expand

Certificate 330000002530b3d3726ee3f72f000100000025

Field	Value
ToBeSigned (TBS) MD5	a5052527524f4998a7bd87f396196fe8
ToBeSigned (TBS) SHA1	2374a3e4f0499d106f0e4d71a22f7b0e709847c0
ToBeSigned (TBS) SHA256	f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher
ValidFrom	2017-08-11 20:20:00
ValidTo	2018-08-11 20:20:00
Signature	6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	330000002530b3d3726ee3f72f000100000025
Version	3

Certificate 6108d3c4000000000004

Field	Value
ToBeSigned (TBS) MD5	1f23e75a000f0b6db92650dc26ac98e1
ToBeSigned (TBS) SHA1	bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d
ToBeSigned (TBS) SHA256	9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
ValidFrom	2011-06-27 21:22:45
ValidTo	2026-06-27 21:32:45
Signature	350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6108d3c4000000000004
Version	3

Imports

Expand

Imports

Expand

ImportedFunctions

Expand

ExportedFunctions

Expand

Signature

Expand


          1
          {
        
          2
          "Certificates": [
        
          3
          {
        
          4
          "IsCertificateAuthority": false,
        
          5
          "SerialNumber": "330000002530b3d3726ee3f72f000100000025",
        
          6
          "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543",
        
          7
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
        
          8
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher",
        
          9
          "TBS": {
        
          10
          "MD5": "a5052527524f4998a7bd87f396196fe8",
        
          11
          "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0",
        
          12
          "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138"
        
          13
          },
        
          14
          "ValidFrom": "2017-08-11 20:20:00",
        
          15
          "ValidTo": "2018-08-11 20:20:00",
        
          16
          "Version": 3
        
          17
          },
        
          18
          {
        
          19
          "IsCertificateAuthority": true,
        
          20
          "SerialNumber": "6108d3c4000000000004",
        
          21
          "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358",
        
          22
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
        
          23
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
        
          24
          "TBS": {
        
          25
          "MD5": "1f23e75a000f0b6db92650dc26ac98e1",
        
          26
          "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d",
        
          27
          "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2"
        
          28
          },
        
          29
          "ValidFrom": "2011-06-27 21:22:45",
        
          30
          "ValidTo": "2026-06-27 21:32:45",
        
          31
          "Version": 3
        
          32
          }
        
          33
          ],
        
          34
          "CertificatesInfo": "",
        
          35
          "Signer": [
        
          36
          {
        
          37
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
        
          38
          "SerialNumber": "330000002530b3d3726ee3f72f000100000025",
        
          39
          "Version": 1
        
          40
          }
        
          41
          ],
        
          42
          "SignerInfo": ""
        
          43
          }

...

not set

source

last_updated: 2023-08-31