BIOS malware?

Discussion in 'BIOS Mods' started by KOLANICH, Sep 9, 2014.

  1. KOLANICH

    KOLANICH MDL Novice

    Jul 5, 2013
    22
    0
    0
    #1 KOLANICH, Sep 9, 2014
    Last edited: Sep 9, 2014
    Hi. Some time ago I reflashed my BIOS (with rom3.bin).
    Some time after that I dumped it and found it differs a little (rom.bin). There is something which looks like a PE at the beginning of the file (instead of empty space)!
    After some time I dumped it again. It has changed again! (rom2.bin)

    The diff between rom.bin and rom2.bin looks like a hardware configuration, but I dumped CMOS through /dev/nvram before flashing, reflashed the BIOS again, restored CMOS, and dumped again (rom3.bin). It matched the original from the vendor site! If the diff had been a configuration, it wouldn't have matched.

    Could this be (government) malware?
    The files are in

    www sendspace com filegroup y95Wactzzz79s6kdXw17kdNmov%2BEvSlK

    (add the punctuation, I am not allowed to post links)
     
  2. nexus76

    nexus76 MDL Addicted

    Jan 25, 2009
    783
    296
    30
    BIOS content differs as soon as you change any settings; the config is stored in NVRAM.
    No malware for sure. Not a lot of difference.
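
The comparison this thread turns on (which byte ranges changed between two flash dumps, whether a changed range was blank before, and whether it now starts with a PE header), as an added example that is not part of the original posts. The function names and the sample images are constructed for illustration; real dumps such as rom.bin and rom2.bin would be read from disk instead.

```python
import struct

def diff_regions(a, b, gap=16):
    """Return (start, end) ranges where a and b differ, merging nearby changes."""
    if len(a) != len(b):
        raise ValueError("dumps differ in size; compare same-size images")
    regions = []
    for i, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if regions and i - regions[-1][1] <= gap:
            regions[-1][1] = i + 1          # extend the current region
        else:
            regions.append([i, i + 1])      # start a new region
    return [tuple(r) for r in regions]

def looks_like_pe(buf, off):
    """True if buf[off:] has an MZ header whose e_lfanew points at a PE signature."""
    if buf[off:off + 2] != b"MZ" or off + 0x40 > len(buf):
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, off + 0x3C)
    return buf[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0"

def classify(old, new, blank=(0x00, 0xFF)):
    """Describe each changed region: was it blank before, is it a PE header now?"""
    out = []
    for s, e in diff_regions(old, new):
        out.append({"start": s, "end": e,
                    "was_blank": all(c in blank for c in old[s:e]),
                    "pe_header": looks_like_pe(new, s)})
    return out

# Constructed sample images (not the files from the thread): a 1 KiB "flash"
# with an erased start and an 8-byte settings area at 0x300.
SAMPLE_OLD = bytearray(b"\xff" * 0x400)
SAMPLE_OLD[0x300:0x308] = b"\x10" * 8
SAMPLE_NEW = bytearray(SAMPLE_OLD)
SAMPLE_NEW[0x300:0x304] = b"\x01\x02\x03\x04"            # settings-style change
SAMPLE_NEW[0:0x44] = (b"MZ" + b"\0" * 0x3A +
                      struct.pack("<I", 0x40) + b"PE\0\0")  # minimal PE stub

if __name__ == "__main__":
    for region in classify(SAMPLE_OLD, SAMPLE_NEW):
        print(region)
```

A PE header by itself is not an indicator of compromise, since UEFI firmware modules are themselves PE/COFF images; the output only localises what changed so the region can be checked against the vendor image.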
     