PDB path: C:\SoftWare\dllnew\bedrock-server\plugins\plugin.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0a516c31fc8cb50b4a1f024ddfffa76c6e92864e844721ddbe55cac3ae606d75.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
0a516c31fc8cb50b4a1f024ddfffa76c6e92864e844721ddbe55cac3ae606d75.dll
Resource
win10v2004-20240508-en
General
-
Target
0a516c31fc8cb50b4a1f024ddfffa76c6e92864e844721ddbe55cac3ae606d75
-
Size
504KB
-
MD5
4f6fa0962d80518d4139c10ad4a1b7b5
-
SHA1
3a3cd58d1957c2c00d72b241690139d4767015e2
-
SHA256
0a516c31fc8cb50b4a1f024ddfffa76c6e92864e844721ddbe55cac3ae606d75
-
SHA512
81886ada2f8d7aa71fedc8fb1c468ff47c90b67ec81d45ce3465f12cbbc2f2ca42564e7c29658b809725613d3f20456455a92ec7d4ae3b5d6fdc1acb49397a78
-
SSDEEP
6144:v+fo77amyE8DD9krX5ZXjnCDgeV2jgG4F76ilIq3DV:dBn810rEQ+Fmi/D
Malware Config
Signatures
-
Unsigned PE 1 IoCs
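The PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. This is an informational indicator; taken alone it does not show malicious behaviour.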
resource 0a516c31fc8cb50b4a1f024ddfffa76c6e92864e844721ddbe55cac3ae606d75
Files
-
0a516c31fc8cb50b4a1f024ddfffa76c6e92864e844721ddbe55cac3ae606d75.dll windows:6 windows x64 arch:x64
b8cd2a3914065bb5c3375d125199de94
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
liteloader
?addEventListenerRef@?$EventManager@VServerStartedEvent@Event@@@Event@@SAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A_NAEAVServerStartedEvent@Event@@@Z@4@@Z
?sendTo@SimpleForm@Form@@QEAA_NPEAVPlayer@@V?$function@$$A6AXPEAVPlayer@@H@Z@std@@@Z
?getPlugin@ll@@YAPEAUPlugin@1@PEAUHINSTANCE__@@@Z
?addButton@SimpleForm@Form@@QEAAAEAV12@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0V?$function@$$A6AXPEAVPlayer@@@Z@4@@Z
?serialize@SimpleForm@Form@@MEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?serialize@ModalForm@Form@@MEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?addStepSlider@CustomForm@Form@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@H@Z
?addSlider@CustomForm@Form@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@NNNN@Z
?addEventListener@?$EventManager@VPlayerJoinEvent@Event@@@Event@@SAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A_NVPlayerJoinEvent@Event@@@Z@4@@Z
?addToggle@CustomForm@Form@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@_N@Z
?addInput@CustomForm@Form@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@11@Z
?addLabel@CustomForm@Form@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@@Z
?serialize@CustomForm@Form@@MEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0ParameterData@DynamicCommand@@QEAA@AEBU01@@Z
??0ParameterData@DynamicCommand@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ParameterType@1@_N00W4CommandParameterOption@@@Z
??0Result@DynamicCommand@@QEAA@XZ
?setup@DynamicCommand@@SAPEBVDynamicCommandInstance@@V?$unique_ptr@VDynamicCommandInstance@@U?$default_delete@VDynamicCommandInstance@@@std@@@std@@@Z
?createCommand@DynamicCommand@@SA?AV?$unique_ptr@VDynamicCommandInstance@@U?$default_delete@VDynamicCommandInstance@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@0$$QEAV?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@3@$$QEAV?$vector@UParameterData@DynamicCommand@@V?$allocator@UParameterData@DynamicCommand@@@std@@@3@$$QEAV?$vector@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@V?$allocator@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@2@@3@V?$function@$$A6AXAEBVDynamicCommand@@AEBVCommandOrigin@@AEAVCommandOutput@@AEAV?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UResult@DynamicCommand@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UResult@DynamicCommand@@@std@@@2@@std@@@Z@3@W4CommandPermissionLevel@@UCommandFlag@@6PEAUHINSTANCE__@@@Z
?addEventListener@?$EventManager@VPlayerUseItemEvent@Event@@@Event@@SAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A_NVPlayerUseItemEvent@Event@@@Z@4@@Z
?sendText@Player@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4TextType@@@Z
?success@CommandOutput@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getAllPlayers@Level@@SA?AV?$vector@PEAVPlayer@@V?$allocator@PEAVPlayer@@@std@@@std@@XZ
?getName@Player@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0Version@ll@@QEAA@HHHW4Status@01@@Z
?getServerProtocolVersion@ll@@YAHXZ
?endlImpl@Logger@@CAXPEAUHINSTANCE__@@AEAVOutputStream@1@@Z
?setFile@Logger@@QEAA_N$$T@Z
?addEventListenerRef@?$EventManager@VPlayerDestroyBlockEvent@Event@@@Event@@SAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A_NAEAVPlayerDestroyBlockEvent@Event@@@Z@4@@Z
?lock@Logger@@QEAA_NXZ
?unlock@Logger@@QEAA_NXZ
??0Logger@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RegisterPlugin@@YA_NPEAUHINSTANCE__@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1UVersion@ll@@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@@Z
?getBlock@Level@@SAPEAVBlock@@AEBVBlockPos@@H@Z
?setBlock@Level@@SA_NAEBVBlockPos@@HAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@G@Z
?getBlock@BlockInstance@@QEAAPEAVBlock@@XZ
?getPosition@BlockInstance@@QEAA?AVBlockPos@@XZ
?getDimensionId@BlockInstance@@QEAAHXZ
?nextTick@Schedule@@YA?AVScheduleTask@@V?$function@$$A6AXXZ@std@@PEAUHINSTANCE__@@@Z
?getNbt@ItemStack@@QEAA?AV?$unique_ptr@VCompoundTag@@U?$default_delete@VCompoundTag@@@std@@@std@@XZ
?setNbt@ItemStack@@QEAA_NPEAVCompoundTag@@@Z
?asCompoundTag@Tag@@QEAAPEAVCompoundTag@@XZ
?toJson@Tag@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
dlsym_real
?begin@ListTag@@QEBA?AV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PEAVTag@@@std@@@std@@@std@@XZ
?end@ListTag@@QEBA?AV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PEAVTag@@@std@@@std@@@std@@XZ
?refreshInventory@Mob@@QEAA_NXZ
?create@CompoundTag@@SA?AV?$unique_ptr@VCompoundTag@@U?$default_delete@VCompoundTag@@@std@@@std@@XZ
?addDropdown@CustomForm@Form@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@H@Z
?fromSNBT@CompoundTag@@SA?AV?$unique_ptr@VCompoundTag@@U?$default_delete@VCompoundTag@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
kernel32
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
FreeLibrary
LocalAlloc
LoadLibraryA
GetLastError
GetProcAddress
RaiseException
GetModuleHandleExW
GetProcessHeap
InitializeSListHead
msvcp140
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?good@ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Incref@facet@locale@std@@UEAAXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
_CxxThrowException
__current_exception
__std_type_info_destroy_list
memchr
__std_exception_destroy
memcpy
__std_exception_copy
__C_specific_handler
memcmp
__vcrt_LoadLibraryExW
_purecall
memset
memmove
__vcrt_GetModuleFileNameW
__C_specific_handler_noexcept
__std_type_info_name
api-ms-win-crt-heap-l1-1-0
calloc
free
malloc
_callnewh
api-ms-win-crt-math-l1-1-0
_fdtest
_fdsign
ceilf
_ldtest
_dtest
_dsign
_ldsign
api-ms-win-crt-string-l1-1-0
strcmp
strlen
strcpy_s
strcat_s
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_cexit
system
terminate
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
api-ms-win-crt-stdio-l1-1-0
fclose
fgetpos
fputc
fgetc
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
__stdio_common_vsnprintf_s
fwrite
fflush
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
Exports
Exports
onPostInit
Sections
.text Size: 329KB - Virtual size: 328KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ