baldi_mod_loader_v5[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

baldi_mod_loader_v5.zip
Size

61.0MB
MD5

28c9cab4557ccc95811fc2879e2966b2
SHA1

a22e8f6c9f50360ea47e627170ea6749b031e015
SHA256

c739943ed1cbebfb4a71dcd2fb3b4f2c52af59dc11bf516405424d8210cd983f
SHA512

6a5c98f4bebe37a2be88979992304d1b5d20434dfae07559757614021d977b4cdaa08f2f632fefa6ff3e4b9622533b1eebca6e72c1800d546faba3d3b995a291
SSDEEP

1572864:+KwKZRNJJ2x0EF9Sz11kCJ5BcfR+5u567Jd3osVcU2wKLq2hgX4XyUEiT5:+h0J8F9SzLkwk+RX3osTO5XYQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BBML Creator/bml_creator.exe
unpack001/Mods/Birthday Clean/Managed/Assembly-CSharp.dll
unpack001/Mods/Clean/Managed/Assembly-CSharp.dll
unpack001/bml.exe

Files

baldi_mod_loader_v5.zip
.zip
BBML Creator/SmallBasicLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:73:c6:59:c2:52:97:83:a3:3a:00:00:00:00:00:73
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:BBEC-30CA-2DBE,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

76:02:8e:00:47:bd:96:9e:d5:84:70:fa:9b:00:04:02:8e:00:47
Certificate

Issuer

CN=MSIT Enterprise CA 1

Not Before

24/07/2015, 17:36

Not After

23/07/2016, 17:36

Subject

CN=Microsoft Corporation (Internal Use Only),OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:f0:97:00:00:00:00:00:bf
Certificate

Issuer

CN=Microsoft Corporate Root CA,O=Microsoft Corporation

Not Before

12/12/2013, 23:38

Not After

12/12/2015, 23:48

Subject

CN=MSIT Enterprise CA 1

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1e:58:fb:00:00:00:00:00:cb
Certificate

Issuer

CN=Microsoft Corporate Root CA,O=Microsoft Corporation

Not Before

04/02/2014, 18:36

Not After

04/02/2018, 18:46

Subject

CN=MSIT Enterprise CA 1

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5
Signer

Actual PE Digest

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\VSTFCodeBox\Chi\smallbasic\Current\Source\Library\obj\Release\SmallBasicLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BBML Creator/bml_creator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bml_creator.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mods/Birthday Clean/Managed/Assembly-CSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mods/Birthday Clean/ScreenSelector.png
.png
Mods/Birthday Clean/boot.config
Mods/Birthday Clean/config.bbml
Mods/Birthday Clean/globalgamemanagers
Mods/Birthday Clean/globalgamemanagers.assets
Mods/Birthday Clean/globalgamemanagers.assets.resS
Mods/Birthday Clean/icon.png
.png
Mods/Birthday Clean/level0
Mods/Birthday Clean/level0.resS
Mods/Birthday Clean/level1
Mods/Birthday Clean/level1.resS
Mods/Birthday Clean/level2
Mods/Birthday Clean/level3
Mods/Birthday Clean/level3.resS
Mods/Birthday Clean/level4
Mods/Birthday Clean/level4.resS
Mods/Birthday Clean/level5
Mods/Birthday Clean/level5.resS
Mods/Birthday Clean/prev.png
.png
Mods/Birthday Clean/resources.assets
Mods/Birthday Clean/resources.assets.resS
Mods/Birthday Clean/sharedassets0.assets
Mods/Birthday Clean/sharedassets0.assets.resS
Mods/Birthday Clean/sharedassets1.assets
Mods/Birthday Clean/sharedassets1.assets.resS
Mods/Birthday Clean/sharedassets1.resource
Mods/Birthday Clean/sharedassets2.assets
Mods/Birthday Clean/sharedassets2.assets.resS
Mods/Birthday Clean/sharedassets2.resource
Mods/Birthday Clean/sharedassets3.assets
Mods/Birthday Clean/sharedassets3.assets.resS
Mods/Birthday Clean/sharedassets4.assets
Mods/Birthday Clean/sharedassets4.assets.resS
Mods/Birthday Clean/sharedassets4.resource
Mods/Birthday Clean/sharedassets5.assets
Mods/Birthday Clean/sharedassets5.assets.resS
Mods/Birthday Clean/sharedassets5.resource
Mods/Clean/Managed/Assembly-CSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mods/Clean/ScreenSelector.png
.png
Mods/Clean/config.bbml
Mods/Clean/globalgamemanagers
Mods/Clean/globalgamemanagers.assets
Mods/Clean/globalgamemanagers.assets.resS
Mods/Clean/icon.png
.png
Mods/Clean/level0
Mods/Clean/level0.resS
Mods/Clean/level1
Mods/Clean/level1.resS
Mods/Clean/level2
Mods/Clean/level3
Mods/Clean/level3.resS
Mods/Clean/level4
Mods/Clean/level4.resS
Mods/Clean/level5
Mods/Clean/level6
Mods/Clean/level6.resS
Mods/Clean/prev.png
.png
Mods/Clean/resources.assets
Mods/Clean/resources.assets.resS
Mods/Clean/sharedassets0.assets
Mods/Clean/sharedassets0.assets.resS
Mods/Clean/sharedassets1.assets
Mods/Clean/sharedassets1.assets.resS
Mods/Clean/sharedassets1.resource
Mods/Clean/sharedassets2.assets
Mods/Clean/sharedassets2.assets.resS
Mods/Clean/sharedassets2.resource
Mods/Clean/sharedassets3.assets
Mods/Clean/sharedassets3.assets.resS
Mods/Clean/sharedassets3.resource
Mods/Clean/sharedassets4.assets
Mods/Clean/sharedassets4.assets.resS
Mods/Clean/sharedassets4.resource
Mods/Clean/sharedassets5.assets
Mods/Clean/sharedassets5.assets.resS
Mods/Clean/sharedassets5.resource
Mods/Clean/sharedassets6.assets
Mods/Clean/sharedassets6.assets.resS
Mods/Clean/sharedassets6.resource
README.txt
SmallBasicLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:73:c6:59:c2:52:97:83:a3:3a:00:00:00:00:00:73
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:BBEC-30CA-2DBE,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

76:02:8e:00:47:bd:96:9e:d5:84:70:fa:9b:00:04:02:8e:00:47
Certificate

Issuer

CN=MSIT Enterprise CA 1

Not Before

24/07/2015, 17:36

Not After

23/07/2016, 17:36

Subject

CN=Microsoft Corporation (Internal Use Only),OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:f0:97:00:00:00:00:00:bf
Certificate

Issuer

CN=Microsoft Corporate Root CA,O=Microsoft Corporation

Not Before

12/12/2013, 23:38

Not After

12/12/2015, 23:48

Subject

CN=MSIT Enterprise CA 1

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1e:58:fb:00:00:00:00:00:cb
Certificate

Issuer

CN=Microsoft Corporate Root CA,O=Microsoft Corporation

Not Before

04/02/2014, 18:36

Not After

04/02/2018, 18:46

Subject

CN=MSIT Enterprise CA 1

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5
Signer

Actual PE Digest

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\VSTFCodeBox\Chi\smallbasic\Current\Source\Library\obj\Release\SmallBasicLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bml.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bml.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:73:c6:59:c2:52:97:83:a3:3a:00:00:00:00:00:73Certificate

Extended Key Usages

76:02:8e:00:47:bd:96:9e:d5:84:70:fa:9b:00:04:02:8e:00:47Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:f0:97:00:00:00:00:00:bfCertificate

Extended Key Usages

Key Usages

61:1e:58:fb:00:00:00:00:00:cbCertificate

Extended Key Usages

Key Usages

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 248KB - Virtual size: 248KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 435KB - Virtual size: 435KB

.sdata Size: 512B - Virtual size: 20B

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 419KB - Virtual size: 418KB

.sdata Size: 512B - Virtual size: 20B

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:73:c6:59:c2:52:97:83:a3:3a:00:00:00:00:00:73Certificate

Extended Key Usages

76:02:8e:00:47:bd:96:9e:d5:84:70:fa:9b:00:04:02:8e:00:47Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:f0:97:00:00:00:00:00:bfCertificate

Extended Key Usages

Key Usages

61:1e:58:fb:00:00:00:00:00:cbCertificate

Extended Key Usages

Key Usages

33:00:00:00:73:c6:59:c2:52:97:83:a3:3a:00:00:00:00:00:73
Certificate

76:02:8e:00:47:bd:96:9e:d5:84:70:fa:9b:00:04:02:8e:00:47
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:f0:97:00:00:00:00:00:bf
Certificate

61:1e:58:fb:00:00:00:00:00:cb
Certificate

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5
Signer

.text
Size: 248KB - Virtual size: 248KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 435KB - Virtual size: 435KB

.sdata
Size: 512B - Virtual size: 20B

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 419KB - Virtual size: 418KB

.sdata
Size: 512B - Virtual size: 20B

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:73:c6:59:c2:52:97:83:a3:3a:00:00:00:00:00:73
Certificate

76:02:8e:00:47:bd:96:9e:d5:84:70:fa:9b:00:04:02:8e:00:47
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:f0:97:00:00:00:00:00:bf
Certificate

61:1e:58:fb:00:00:00:00:00:cb
Certificate

7a:aa:36:45:bf:d8:84:fd:76:e4:4f:cb:e1:a1:f8:17:b8:ef:8b:a5
Signer

.text
Size: 248KB - Virtual size: 248KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 12B