Likely N00b question - Bassmod.dll

Stingered · #1 12-31-2017, 04:30

Is it fairly normal for this DLL to be used for crack/Keygen EXEs? This seems to get flagged as a virus, a lot, but once the DLL is extracted it seems pretty benign:

seg003:10012280 0000000F C GetProcAddress
seg003:100122A4 0000000C C GlobalAlloc
seg003:100122C0 0000000C C timeGetTime
seg003:1001244A 00000015 C BASSMOD_ErrorGetCode
seg003:1001245F 0000000D C BASSMOD_Free
seg003:1001246C 0000000F C BASSMOD_GetCPU
seg003:1001247B 0000001D C BASSMOD_GetDeviceDescription
seg003:10012498 00000013 C BASSMOD_GetVersion
seg003:100124AB 00000012 C BASSMOD_GetVolume
seg003:100124BD 0000000D C BASSMOD_Init
seg003:100124CA 00000014 C BASSMOD_MusicDecode
seg003:100124DE 00000012 C BASSMOD_MusicFree
seg003:100124F0 00000017 C BASSMOD_MusicGetLength
seg003:10012507 00000015 C BASSMOD_MusicGetName
seg003:1001251C 00000019 C BASSMOD_MusicGetPosition
seg003:10012535 00000017 C BASSMOD_MusicGetVolume
seg003:1001254C 00000016 C BASSMOD_MusicIsActive
seg003:10012562 00000012 C BASSMOD_MusicLoad
seg003:10012574 00000013 C BASSMOD_MusicPause
seg003:10012587 00000012 C BASSMOD_MusicPlay
seg003:10012599 00000014 C BASSMOD_MusicPlayEx
seg003:100125AD 00000018 C BASSMOD_MusicRemoveSync
seg003:100125C5 00000018 C BASSMOD_MusicSetAmplify
seg003:100125DD 00000017 C BASSMOD_MusicSetPanSep
seg003:100125F4 00000019 C BASSMOD_MusicSetPosition
seg003:1001260D 0000001F C BASSMOD_MusicSetPositionScaler
seg003:1001262C 00000015 C BASSMOD_MusicSetSync
seg003:10012641 00000017 C BASSMOD_MusicSetVolume
seg003:10012658 00000012 C BASSMOD_MusicStop
seg003:1001266A 00000012 C BASSMOD_SetVolume
seg003:1001267C 0000000C C BASSMOD.dll

THX!

zeffy · #2 12-31-2017, 05:46

Yes I think it's fairly normal, it's used for playing music like .xm tracker modules.

If you are worried about it e.g. being modified to contain malware, you could check its hash against the official release of BASSMOD here: https://www.un4seen.com/bassmod.html

Stingered · #3 12-31-2017, 08:56

Quote:

Originally Posted by zeffy

Yes I think it's fairly normal, it's used for playing music like .xm tracker modules.

If you are worried about it e.g. being modified to contain malware, you could check its hash against the official release of BASSMOD here: https://www.un4seen.com/bassmod.html

There was a hash match for the latest downloadable version. Good call.

LaDidi · #4 01-02-2018, 21:34

@Stingered:
It's due to compression method used : upx

squareD · #5 01-02-2018, 22:04

I use bass.dll since years and years for playing really music in keygens, instead of xm racket, so believe me it's normal...

ReBirth · #6 01-03-2018, 22:24

Quote:

Originally Posted by LaDidi

@Stingered:
It's due to compression method used : upx

it's Petite not upx. most un4seen stuff compressed by petite
un4seen.com/petite/

LaDidi · #7 01-16-2018, 02:23

@ReBirth :
The ones I've needeed to unpack used UPX...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Static linking of Bassmod in Delphi	Sn!per X	Source Code	0	01-13-2016 22:12
Question\|IDA PRO	Stitch	General Discussion	10	02-17-2015 01:48
Question on PKE	TmC	General Discussion	8	09-19-2007 23:59
n00b Quest II(tm)	abitofboth	General Discussion	5	01-19-2006 15:32
N00b : help ?	abitofboth	General Discussion	11	05-05-2005 15:12

The Following User Says Thank You to zeffy For This Useful Post:
Stingered (12-31-2017)

The Following User Says Thank You to Stingered For This Useful Post:
niculaita (12-31-2017)

The Following User Says Thank You to LaDidi For This Useful Post:
Stingered (01-03-2018)

The Following User Says Thank You to ReBirth For This Useful Post:
Stingered (01-04-2018)

The Following User Says Thank You to LaDidi For This Useful Post:
Stingered (01-16-2018)