WorkshopMapLoader_v1[.]15[.]2[.]1_release[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WorkshopMapLoader_v1.15.2.1_release.zip
Size

1.3MB
MD5

231007b9e05634413f56c29f0c2146cb
SHA1

ddc28e45d6a1f633410ff3ed2c592f71cd65abca
SHA256

759e4db65c984d7587e99f1771a22b907dcefb5c41bfc9935da95c90ebedac7f
SHA512

980e2ea77790d293d3eb1174a3217b6ebcc31054f717ad361d6726d8c183b3175138793d31d20a8c397c78c14e2f18997d3135f6e7ed5eb2ae98c5eb9b5a2e42
SSDEEP

24576:yMSl23jb626ElbWljuFFu0B7CZG4QFOgL8xxjRlWec6jLgpxOSJAzC7tSk:yRl2z16EZUuFFu67yjWOZxxtlWepjxoB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plugins/WorkshopMapLoader.dll

Files

WorkshopMapLoader_v1.15.2.1_release.zip
.zip
data/WorkshopMapLoader/Search/NoPreview.jpg
data/WorkshopMapLoader/logos/logo1.png
.png
data/WorkshopMapLoader/logos/logo1_selected.png
.png
data/WorkshopMapLoader/logos/logo2.png
.png
data/WorkshopMapLoader/logos/logo2_selected.png
.png
data/WorkshopMapLoader/logos/rlmapslogo.png
.png
data/WorkshopMapLoader/logos/steamlogo.png
.png
plugins/WorkshopMapLoader.dll
.dll windows:6 windows x64 arch:x64

6d415f2b72dd9afa05b0a73080874ddb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\BPReview\WorkshopMapLoaderAndDownloader\plugins\WorkshopMapLoader.pdb

Imports

pluginsdk

?GetBakkesModPath@GameWrapper@@QEAA?AVpath@filesystem@std@@XZ
?setBind@CVarManagerWrapper@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?ExecuteUnrealCommand@GameWrapper@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetImGuiTex@ImageWrapper@@QEAAPEAXXZ
??0CanvasWrapper@@QEAA@AEBV0@@Z
??0ImageWrapper@@QEAA@Vpath@filesystem@std@@_N1@Z
??0ImageWrapper@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
??1ImageWrapper@@QEAA@XZ
?SendCurlRequest@HttpWrapper@@SAXUCurlRequest@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$function@$$A6AXHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z@4@@Z
?SendCurlRequest@HttpWrapper@@SAXUCurlRequest@@V?$function@$$A6AXHPEAD_K@Z@std@@@Z
?Execute@GameWrapper@@QEAAXV?$function@$$A6AXPEAVGameWrapper@@@Z@std@@@Z
?IsInOnlineGame@GameWrapper@@QEAA_NXZ
??1CanvasWrapper@@QEAA@XZ
?executeCommand@CVarManagerWrapper@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?log@CVarManagerWrapper@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RegisterDrawable@GameWrapper@@QEAAXV?$function@$$A6AXVCanvasWrapper@@@Z@std@@@Z

kernel32

GetModuleHandleA
GetSystemDirectoryA
SleepEx
GetTickCount
WaitForMultipleObjects
VerifyVersionInfoA
GetLogicalDrives
FormatMessageW
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
RtlUnwind
GetEnvironmentVariableA
MoveFileExA
Sleep
PeekNamedPipe
MultiByteToWideChar
VerSetConditionMask
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CloseHandle
GetLastError
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
WideCharToMultiByte
FormatMessageA
LocalFree
WaitForSingleObjectEx
GetCurrentThreadId
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
GetDriveTypeW
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleOutputCP
GetFileSizeEx
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
HeapReAlloc
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteFileW
DecodePointer

user32

SetCursorPos
GetKeyState
mouse_event
GetCursorPos
GetClipboardData
OpenClipboard
CloseClipboard

shell32

ShellExecuteW

xinput1_4

ord2

ws2_32

WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
socket
WSACleanup
ntohl
listen
WSACloseEvent
accept
closesocket
recv
send
WSACreateEvent
gethostname
freeaddrinfo
getaddrinfo
ioctlsocket
htonl
sendto
recvfrom
WSAEventSelect
WSAStartup
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
inet_pton
WSAEnumNetworkEvents

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord301
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord26

advapi32

CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext

Exports

Exports

??0BakkesModPlugin@Plugin@BakkesMod@@QEAA@$$QEAV012@@Z
??0BakkesModPlugin@Plugin@BakkesMod@@QEAA@AEBV012@@Z
??0BakkesModPlugin@Plugin@BakkesMod@@QEAA@XZ
??1BakkesModPlugin@Plugin@BakkesMod@@QEAA@XZ
??4BakkesModPlugin@Plugin@BakkesMod@@QEAAAEAV012@$$QEAV012@@Z
??4BakkesModPlugin@Plugin@BakkesMod@@QEAAAEAV012@AEBV012@@Z
??_7BakkesModPlugin@Plugin@BakkesMod@@6B@
?__autoclassinit2@BakkesModPlugin@Plugin@BakkesMod@@QEAAX_K@Z
?onLoad@BakkesModPlugin@Plugin@BakkesMod@@UEAAXXZ
?onUnload@BakkesModPlugin@Plugin@BakkesMod@@UEAAXXZ
deleteMe
exports
getPlugin

Sections

.text
Size: 995KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d415f2b72dd9afa05b0a73080874ddb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pluginsdk

kernel32

user32

shell32

xinput1_4

ws2_32

crypt32

wldap32

advapi32

Exports

Exports

Sections

.text Size: 995KB - Virtual size: 994KB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 12KB - Virtual size: 21KB

.pdata Size: 40KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 995KB - Virtual size: 994KB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 12KB - Virtual size: 21KB

.pdata
Size: 40KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 5KB - Virtual size: 4KB