Static task
static1
Behavioral task
behavioral1
Sample
bedrock_server.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bedrock_server.exe
Resource
win10v2004-20230220-en
General
-
Target
bedrock_server.exe
-
Size
20.6MB
-
MD5
1616eae1f28d2744cb804fef265dffd2
-
SHA1
737ca9a97e5e920f24ec0fc0377c7612888652a2
-
SHA256
f221488bc522858a95225857c07cf61f51077970f2ca01b8e0e47496f67cc10d
-
SHA512
f6b7976f06830b3ea511b6bbb4a22ba9db2fa03156e0ac9069539abaf9e29fb3ec9cbf6e661775e92280320e717518096b7fab149e2f8034a1eeb54fbe9033ee
-
SSDEEP
196608:JB0fN1GiOs8yd08Ug3a2JHfylAMUN/1rweSwQXK8l:JOOKdxJHfGLUN9rweSwQac
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
resource bedrock_server.exe
Files
-
bedrock_server.exe.exe windows x64
782d2212b0f3614c3a1aa32d5c2a0d71
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
chakra
JsHasException
JsGetAndClearException
JsGetProperty
JsSetCurrentContext
JsSetProperty
JsAddRef
JsGetPropertyIdFromName
JsStringToPointer
JsPointerToString
JsCreateFunction
JsConvertValueToNumber
JsCreateRuntime
JsCreateContext
JsDisposeRuntime
JsGetGlobalObject
JsCallFunction
JsGetNullValue
JsGetOwnPropertyNames
JsGetValueType
JsGetUndefinedValue
JsBooleanToBool
JsConvertValueToBoolean
JsConvertValueToString
JsNumberToDouble
JsNumberToInt
JsRelease
JsBoolToBoolean
JsDoubleToNumber
JsGetIndexedProperty
JsHasIndexedProperty
JsHasProperty
JsSetIndexedProperty
JsIntToNumber
JsCreateArray
JsCreateObject
JsRunScript
JsSetPromiseContinuationCallback
JsStartDebugging
ws2_32
getaddrinfo
getsockname
socket
inet_ntoa
gethostname
recvfrom
getsockopt
htons
freeaddrinfo
sendto
ioctlsocket
getnameinfo
setsockopt
ntohs
htonl
closesocket
bind
WSAIoctl
recv
connect
send
listen
shutdown
accept
__WSAFDIsSet
WSAStartup
WSACleanup
inet_ntop
select
dbghelp
SymInitialize
SymGetOptions
SymSetOptions
StackWalk64
SymGetModuleBase64
SymFunctionTableAccess64
UnDecorateSymbolName
SymFromAddr
kernel32
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
WaitNamedPipeW
InitializeSListHead
WaitForMultipleObjects
TransactNamedPipe
RtlLookupFunctionEntry
SetNamedPipeHandleState
VirtualQueryEx
GetProcessId
TerminateThread
CreateThread
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
SetUnhandledExceptionFilter
CreateFileW
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
LoadLibraryW
GetTickCount
GetModuleHandleW
WriteFile
GetFileType
OpenMutexA
GetLogicalProcessorInformation
SetCurrentDirectoryA
LoadLibraryA
FreeLibrary
K32GetProcessMemoryInfo
GetTempPathW
GlobalMemoryStatusEx
GetModuleFileNameW
GetVersionExA
GetNativeSystemInfo
GetDiskFreeSpaceExW
FindClose
FindNextFileW
FindFirstFileExW
LocalFree
GetLastError
GetDiskFreeSpaceW
FormatMessageA
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
SetThreadAffinityMask
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
Sleep
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetEvent
WaitForSingleObjectEx
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetStdHandle
SetConsoleTextAttribute
RaiseException
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
TlsFree
user32
SetWindowPos
GetWindowRect
GetCursor
GetClientRect
GetWindowLongPtrA
SetWindowTextA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoA
ShowWindow
SetWindowLongPtrA
PostQuitMessage
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
shell32
SHGetKnownFolderPath
ShellExecuteA
ole32
CoTaskMemFree
msvcp140
_Strcoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_timedwait
_Mtx_current_owns
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Cnd_register_at_thread_exit
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Strxfrm
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
_Make_dir
_Equivalent
_Rename
_Lstat
_Remove_dir
_Unlink
_Stat
?_Winerror_message@std@@YAKKPEADK@Z
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
_Cnd_broadcast
?_Winerror_map@std@@YAHH@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Random_device@std@@YAIXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_trylock
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Thrd_detach
?_Xout_of_range@std@@YAXPEBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Cnd_wait
_Thrd_start
_Mtx_destroy
_Cnd_destroy
_Cnd_signal
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_init
_Cnd_init
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Query_perf_counter
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_sleep
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
_Cnd_init_in_situ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
_Cnd_destroy_in_situ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_hardware_concurrency
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
vcruntime140
wcsstr
_set_purecall_handler
_CxxThrowException
__std_type_info_compare
memchr
memmove
memset
memcpy
memcmp
__C_specific_handler
strrchr
strchr
strstr
_purecall
__std_exception_copy
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
free
malloc
_set_new_mode
realloc
_callnewh
api-ms-win-crt-runtime-l1-1-0
signal
__p___argc
_invalid_parameter_noinfo
terminate
_set_invalid_parameter_handler
__p___argv
_c_exit
_errno
_initterm_e
raise
_exit
_initterm
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_set_app_type
exit
strerror
_seh_filter_exe
_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_cexit
_initialize_onexit_table
_register_onexit_function
_set_errno
_crt_atexit
_invalid_parameter_noinfo_noreturn
strerror_s
_Exit
api-ms-win-crt-convert-l1-1-0
atoll
wcstol
strtof
strtol
strtoul
_strtoui64
atof
atoi
api-ms-win-crt-math-l1-1-0
log
fmodf
_fdtest
expf
log2
nearbyintf
atan2f
acosf
truncf
nextafterf
logf
atanf
roundf
pow
powf
log2f
__setusermatherr
sin
cosf
sinf
api-ms-win-crt-string-l1-1-0
_strnicmp
isxdigit
strcmp
strncpy
isdigit
isupper
isspace
tolower
toupper
_stricmp
strpbrk
isalnum
strncmp
api-ms-win-crt-stdio-l1-1-0
fclose
_setmaxstdio
__stdio_common_vsprintf
_get_stream_buffer_pointers
fputc
ungetc
fgetc
_wfopen_s
_ftelli64
ferror
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vfwprintf
__stdio_common_vfprintf
fgets
__stdio_common_vswprintf
__acrt_iob_func
fopen
__stdio_common_vsnwprintf_s
feof
_set_fmode
_wfopen
_fileno
_setmode
fseek
ftell
fputs
_wfsopen
__stdio_common_vfscanf
api-ms-win-crt-filesystem-l1-1-0
remove
_wstat64
_lock_file
_unlock_file
_stat64i32
_wchmod
api-ms-win-crt-time-l1-1-0
_localtime64_s
_time64
_gmtime64_s
strftime
_wutime64
_gmtime64
api-ms-win-crt-utility-l1-1-0
qsort
rand
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-conio-l1-1-0
_getch
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
wininet
HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
Sections
.text Size: 12.4MB - Virtual size: 12.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.1MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 480KB - Virtual size: 480KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ