Report - github.com/tianocore/edk2-BaseTools-win32/archive/master.zip

Report Overview

Submitted URL
github.com/tianocore/edk2-BaseTools-win32/archive/master.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-24 05:59:01
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
codeload.github.com	62359	2007-10-09	2013-04-18	2024-04-22	526 B	18 MB	140.82.121.10
github.com	1423	2007-10-09	2016-07-13	2024-03-24	514 B	3.5 kB	140.82.121.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/tianocore/edk2-BaseTools-win32/zip/refs/heads/master
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
18 MB (17919127 bytes)
Hash
6a4398ac7d35ebd8f1434191f4bb0da8
3a9335baa067dbfb31caec80a472ea3bb553cda1
b8b0dfe2c7d9abefabe16e9ef1930774f78e7884b60ed353f76930c9db217be6

Archive (66)

Filename

Md5

File type

CompilerIntrinsicsLib.lib

6e3ece13f7494840db83a471b89f1da4

ELF 32-bit LSB relocatable, ARM, EABI5 version 1 (SYSV)

CompilerIntrinsicsLib.lib

3c59fa4eea9ce4c181a08fc002477b08

ELF 32-bit LSB relocatable, ARM, EABI5 version 1 (SYSV)

BPDG.exe

bca59f94d844e17a985e94867365ffb6

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

BootSectImage.exe

99613ba97d9d58ddba5020182cc24ce6

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Brotli.exe

4e6477459507514fe518613ee8f79000

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

BrotliCompress.bat

9e518b25d27be7a2c23a1db79616e990

DOS batch file, ASCII text, with CRLF line terminators

Common.PyUtility.pyd

6bfa9c6a88581fd534f8d8caab2864a0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

DevicePath.exe

394c8fd38569a02e6bd0c1694fd9a92c

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Ecc.exe

ccb85583eab5b7f7a7121c538fb7b8d8

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

EfiCompressor.pyd

87b9356f5fe220b1f48a5069be234e7c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

EfiLdrImage.exe

deb3b48410415d1502722b0485d8729f

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

EfiRom.exe

e082623e7adfde8266e5847edf91df0f

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Eot.EfiCompressor.pyd

87b9356f5fe220b1f48a5069be234e7c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Eot.LzmaCompressor.pyd

fc99a950fff2a9ba503be53fbb333fed

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

GenBootSector.exe

b05c09d521aa65b1e33a1e6ba479f6da

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenCrc32.exe

a65435e4e4264894efc52666f9dda480

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenDepex.exe

90798c6a20b651d309a3df07ca7f3d1c

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

GenFds.exe

fa442cf33a790ebe23536a606ff9f7ae

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

GenFfs.exe

87437781a363cda17a48c5e48e19344d

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenFv.exe

29764f496f4ddd3e052fd9828ae6348d

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenFw.exe

65c7fcfc6e4ca94c0318532cea2dea0a

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenPage.exe

ea482abd3c84d5fdf2f057cd7e42081a

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenPatchPcdTable.exe

9d98d1785c43cba09852e3f82b645827

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

GenSec.exe

19df2e1f6a29a222cc06dec311165a95

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

GenVtf.exe

4cb2b0412934237fab91b4b8f8bca1d2

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

ImportTool.bat

cf8464df1c928175269143173d83c7ae

DOS batch file, ASCII text, with CRLF line terminators

LzmaCompress.exe

90be2bcaa1a7156f2dc4cabbc72dd16a

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

LzmaF86Compress.bat

8df5000fa9e1d05253b5689845680d49

DOS batch file, ASCII text, with CRLF line terminators

PatchPcdValue.exe

41959521487f4ecfa6cbeab269760eba

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

Pkcs7Sign.exe

7afad3821b5e7ae4a7125f767ab2f3b9

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

Readme.txt

272b3abc4e240ad08a23e5e11e355d41

ASCII text, with CRLF line terminators

Rsa2048Sha256GenerateKeys.exe

4d29224a28e7eeec3202c7ea6b52a972

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

Rsa2048Sha256Sign.exe

9e5d5f6a51d21a5e32df5a419be948dd

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

Split.exe

58d0c2b255c4728a7e0057524aa69b0e

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

TargetTool.exe

5c9ab4e4ec59d73169c5ea3df2744a48

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

TestCert.pem

2d5029546fc85b3916a6c1eb60efe4d4

ASCII text, with CRLF line terminators

TestCert.pub.pem

b1170cdf2efea151e42a3a20680d0a9a

PEM certificate

TestRoot.pem

82905912f2e29bd574ccc35e6f810260

ASCII text, with CRLF line terminators

TestRoot.pub.pem

b3cb2c344079985814b0012dd80db58a

PEM certificate

TestSigningPrivateKey.pem

99d8e46c24f1e504f37446df919be510

PEM RSA private key

TestSub.pem

dff8810748e0495553cbf667c38b8365

ASCII text

TestSub.pub.pem

9e629288576dced772f9eecdc8b7605d

PEM certificate

TianoCompress.exe

3c0d9222e7ff7301bac55264ea5bc0b6

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Trim.exe

9791b1d65a91260d6939d2a5f61a69fd

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

UPT.exe

91b6c305d931e86d310890299f47d128

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

VfrCompile.exe

bee91303b135aa5cfb62bdf2a407df36

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

VolInfo.exe

1f6969ed6a88bc659446ced589d7466b

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

_ctypes.pyd

f1134b690b2dc0e6aa0f31be1ed9b05f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_hashlib.pyd

24c2f70ff5c6eaddb995f2cbb4bc4890

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_multiprocessing.pyd

4f7cfe168ff9fb400cac099cf3336145

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_socket.pyd

a9cc2ff4f9cb6f6f297c598e9f541564

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_sqlite3.pyd

cf6e48afbad2a930775723387080d2c3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_ssl.pyd

d0e36d53cbcea2ac559fec2c596f5b06

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

build.exe

727e94fecdb0a8c2ab18feeba9c4dea3

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

bz2.pyd

9897fb7cfe7f78b4e4521d8d437bea0e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

config.ini

11e0bd50e2014914bfd666cccb1b45f0

ASCII text, with CRLF line terminators

exception.xml

f3f4d5bd8e50ca132d50b6dff7a3173a

XML 1.0 document, ASCII text, with CRLF line terminators

pyexpat.pyd

6ab0907cb39324f03769092dd45caa80

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

python27.dll

ffc6f8636ed28f50b4a509f21658dfb2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

pywintypes27.dll

7fa49d1d53588cca5071dfaa61061087

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

select.pyd

bdc7b944b9319f9708af1949b42bae4b

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

sqlite3.dll

09c376407c4874290d9a927c111468b0

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

unicodedata.pyd

cfa3517e25c37e808af38fbeaf7f456e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

win32api.pyd

4a1ebd35719d263205eb014913b784bf

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

win32pipe.pyd

de374eded459293b2a7eb8ed8fb38eaa

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

win32wnet.pyd

12158d60c45121d62e7b07abaa53efb3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	github.com/tianocore/edk2-BaseTools-win32/archive/master.zip	140.82.121.4	302 Found	0 B
URL User Request GET HTTP/2 github.com/tianocore/edk2-BaseTools-win32/archive/master.zip IP 140.82.121.4:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /tianocore/edk2-BaseTools-win32/archive/master.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found server: GitHub.com date: Wed, 24 Apr 2024 05:58:29 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://codeload.github.com/tianocore/edk2-BaseTools-win32/zip/refs/heads/master cache-control: max-age=0, private strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: 6DBB:0F8B:B60D04:BA43B3:66289F85 X-Firefox-Spdy: h2

	codeload.github.com/tianocore/edk2-BaseTools-win32/zip/refs/heads/master	140.82.121.10	200 OK	18 MB
URL User Request GET HTTP/2 codeload.github.com/tianocore/edk2-BaseTools-win32/zip/refs/heads/master IP 140.82.121.10:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subject.github.com Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 18 MB (17919127 bytes) Hash 6a4398ac7d35ebd8f1434191f4bb0da8 3a9335baa067dbfb31caec80a472ea3bb553cda1 b8b0dfe2c7d9abefabe16e9ef1930774f78e7884b60ed353f76930c9db217be6 HTTP Headers GET /tianocore/edk2-BaseTools-win32/zip/refs/heads/master HTTP/1.1 Host: codeload.github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK access-control-allow-origin: https://render.githubusercontent.com content-disposition: attachment; filename=edk2-BaseTools-win32-master.zip content-length: 17919127 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox content-type: application/zip cross-origin-resource-policy: cross-origin etag: W/"6ba32ea1e1d2a89d8f74d29300b67a040acc0a07eb3e81df896f21044232650c" strict-transport-security: max-age=31536000 vary: Authorization,Accept-Encoding,Origin x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block date: Wed, 24 Apr 2024 05:58:30 GMT x-github-request-id: B7AC:2BF90D:82FE92:A1B070:66289F85 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (66)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers