AutoForge[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AutoForge.exe
Size

20.4MB
MD5

2ca637b404c38fcafcddafde60ac46f6
SHA1

efc3373d3d5370755fb48034547e559af81b7b6a
SHA256

ca6ba1210243ab57ce14164df114f57890baee1690f0fe41bdfaf667977b6205
SHA512

73dd4b5d738c9cc9f12ea9f54e1d3163d80149792887405b28de5ccfa641260a11917e098dec233ec494077e91348ee7a5273df7ec40a5a766c5e9d38ef8efd4
SSDEEP

98304:Zomfv8BZlwft4jr/QhK1iN8Zny55iiw46+AKz23GHIpCMf6Bf0yKu7Wor45yNSoc:ZomfvmDI4/oU1nZWVwZqmobmCMT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AutoForge.exe

Files

AutoForge.exe
.exe windows:6 windows x64 arch:x64

6453b30f6e27ed699437026e4ccd367d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\siege\build\Release\AutoForge.pdb

Imports

sdl2

SDL_PollEvent
SDL_HasClipboardText
SDL_StartTextInput
SDL_StopTextInput
SDL_GetClipboardText
SDL_SetClipboardText
SDL_free
SDL_GetKeyName
SDL_OpenURL
SDL_GetTicks64
SDL_ShowCursor
SDL_FreeCursor
SDL_SetCursor
SDL_CreateColorCursor
SDL_GetMouseState
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_Delay
SDL_GetError
SDL_Init
SDL_Quit
SDL_GetModState
SDL_WarpMouseInWindow
SDL_GetDesktopDisplayMode
SDL_CreateWindow
SDL_GetWindowSize
SDL_SetWindowFullscreen
SDL_DestroyWindow
SDL_GetWindowWMInfo
SDL_RWFromFile
SDL_LoadBMP_RW

fmodstudio

?create@System@Studio@FMOD@@SA?AW4FMOD_RESULT@@PEAPEAV123@I@Z
?initialize@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HIIPEAX@Z
?release@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?update@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?flushCommands@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getCoreSystem@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAV13@@Z
?getEvent@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVEventDescription@23@@Z
?setParameterByName@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?setParameterByNameWithLabel@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBD0_N@Z
?setListenerAttributes@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_3D_ATTRIBUTES@@PEBUFMOD_VECTOR@@@Z
?loadBankMemory@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDHW4FMOD_STUDIO_LOAD_MEMORY_MODE@@IPEAPEAVBank@23@@Z
?createInstance@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventInstance@23@@Z
?set3DAttributes@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_3D_ATTRIBUTES@@@Z
?start@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterByName@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?setParameterByNameWithLabel@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBD0_N@Z
?getVolume@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAM0@Z
?setVolume@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?unload@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getBusList@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVBus@23@HPEAH@Z
?getVolume@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAM0@Z
?setVolume@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?stop@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?getPlaybackState@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?getParameterByID@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@PEAM1@Z
?setParameterByID@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@M_N@Z
?setParameterByIDWithLabel@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@PEBD_N@Z
?getParameterByName@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAM1@Z
?getBusCount@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z

lua51

lua_rawequal
lua_type
lua_xmove
lua_toboolean
lua_remove
lua_pushvalue
lua_settop
lua_gettop
lua_pushlightuserdata
lua_touserdata
lua_pushnil
lua_pushinteger
lua_pushlstring
lua_pushstring
lua_pushcclosure
lua_pushboolean
lua_getfield
lua_replace
lua_rawget
lua_rawgeti
lua_createtable
lua_newuserdata
lua_getmetatable
lua_settable
lua_setfield
lua_setmetatable
lua_call
lua_pushfstring
luaL_newmetatable
luaL_error
luaL_ref
luaL_unref
lua_topointer
lua_next
lua_close
lua_atpanic
lua_insert
lua_pushthread
lua_gettable
lua_concat
lua_getstack
lua_getinfo
luaL_newstate
luaopen_base
luaopen_math
luaopen_string
luaopen_table
luaopen_io
luaopen_os
luaopen_package
luaopen_debug
luaopen_bit
luaopen_jit
luaopen_ffi
lua_typename
lua_tonumber
lua_objlen
lua_pushnumber
luaL_callmeta
lua_equal
lua_rawset
lua_isnumber
lua_tolstring
lua_checkstack
lua_pcall

bugsplat64

??1MiniDmpSender@@UEAA@XZ
?setGuardByteBufferSize@MiniDmpSender@@QEAAHH@Z
?setCallback@MiniDmpSender@@QEAAXP6A_NIPEAX0@Z@Z
??0MiniDmpSender@@QEAA@PEB_W000K@Z
?sendAdditionalFile@MiniDmpSender@@QEAAXPEB_W@Z

fmod

?set3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z

kernel32

GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
ExitProcess
ReadFile
LoadLibraryExW
GetModuleFileNameW
RtlUnwindEx
VirtualQuery
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
SetEvent
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
GetModuleHandleW
GetNativeSystemInfo
WaitForSingleObjectEx
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
RtlPcToFileHeader
TryEnterCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
GetFileInformationByHandleEx
MoveFileExW
SetFilePointerEx
SetFileInformationByHandle
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LCMapStringW
ReleaseSRWLockExclusive
FormatMessageA
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
ReadConsoleW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetEnvironmentVariableA
CloseHandle
RaiseException
GetLastError
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
QueryPerformanceFrequency
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThread
SetThreadPriority
SuspendThread
GetThreadId
GetProcessIdOfThread
OpenProcess
GetSystemTimes
GlobalMemoryStatusEx
GetSystemInfo
GetWindowsDirectoryA
VirtualAlloc
VirtualFree
GetLargePageMinimum
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LocalFree
AttachConsole
CreateToolhelp32Snapshot
Thread32First
Thread32Next
K32EnumProcessModules
K32GetModuleInformation
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameA
K32GetDeviceDriverFileNameA
K32GetProcessImageFileNameA
LoadLibraryA
CreateFileW
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
CancelIo
ResetEvent
CreateEventA
ReadDirectoryChangesW
GetStdHandle
WriteFile
AllocConsole
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetConsoleWindow
VerSetConditionMask
VerifyVersionInfoA
HeapAlloc
HeapFree
GetProcessHeap
K32GetModuleBaseNameA
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreA
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
RtlUnwind
QueryPerformanceCounter
FindClose
FindFirstFileExW
FindNextFileW
GetFullPathNameW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetOEMCP
Sleep
K32GetProcessMemoryInfo
GetLogicalProcessorInformation
DeleteFileW
HeapReAlloc
SetStdHandle
HeapSize
HeapQueryInformation
IsValidCodePage
GetEnvironmentStringsW
CompareStringW
FreeEnvironmentStringsW
WriteConsoleW
TlsFree

user32

GetClientRect
MessageBoxA
ClientToScreen
CreateWindowExA
SetWindowPos
GetWindowRect
DestroyWindow
GetDC
ReleaseDC
SetProcessDPIAware

gdi32

SwapBuffers
SetPixelFormat
ChoosePixelFormat
DescribePixelFormat

shell32

ShellExecuteA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

advapi32

CloseTrace
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
StartTraceA
ControlTraceA
TraceSetInformation
ProcessTrace
OpenTraceA

ws2_32

socket
accept
bind
closesocket
htons
listen
recv
send
sendto
setsockopt
inet_pton
gethostname
WSAStartup
WSAGetLastError
WSAPoll
getaddrinfo
freeaddrinfo

dbghelp

SymInitialize
SymFromAddr
SymSetOptions
SymGetLineFromAddr64
SymLoadModuleEx

Exports

Exports

AmdPowerXpressRequestHighPerformance
LZ4_compress
LZ4_compressBound
LZ4_compress_continue
LZ4_compress_default
LZ4_compress_destSize
LZ4_compress_fast
LZ4_compress_fast_continue
LZ4_compress_fast_extState
LZ4_compress_limitedOutput
LZ4_compress_limitedOutput_continue
LZ4_compress_limitedOutput_withState
LZ4_compress_withState
LZ4_create
LZ4_createStream
LZ4_createStreamDecode
LZ4_decoderRingBufferSize
LZ4_decompress_fast
LZ4_decompress_fast_continue
LZ4_decompress_fast_usingDict
LZ4_decompress_fast_withPrefix64k
LZ4_decompress_safe
LZ4_decompress_safe_continue
LZ4_decompress_safe_partial
LZ4_decompress_safe_usingDict
LZ4_decompress_safe_withPrefix64k
LZ4_freeStream
LZ4_freeStreamDecode
LZ4_initStream
LZ4_loadDict
LZ4_resetStream
LZ4_resetStreamState
LZ4_resetStream_fast
LZ4_saveDict
LZ4_setStreamDecode
LZ4_sizeofState
LZ4_sizeofStreamState
LZ4_slideInputBuffer
LZ4_uncompress
LZ4_uncompress_unknownOutputSize
LZ4_versionNumber
LZ4_versionString
NvOptimusEnablement

Sections

.text
Size: 16.8MB - Virtual size: 16.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 550KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6453b30f6e27ed699437026e4ccd367d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sdl2

fmodstudio

lua51

bugsplat64

fmod

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

ws2_32

dbghelp

Exports

Exports

Sections

.text Size: 16.8MB - Virtual size: 16.8MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 550KB - Virtual size: 3.4MB

.pdata Size: 567KB - Virtual size: 566KB

.msvcjmc Size: 512B - Virtual size: 5B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 16.8MB - Virtual size: 16.8MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 550KB - Virtual size: 3.4MB

.pdata
Size: 567KB - Virtual size: 566KB

.msvcjmc
Size: 512B - Virtual size: 5B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 50KB - Virtual size: 49KB