Sprite[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Sprite.exe
Size

446KB
MD5

80e71ef78b539f49b12ad50b3a80a7f4
SHA1

790b9966995ebbcfe47f62b9cdbf77d5136964df
SHA256

510e46ac09112f5ee91697e86966014bd779a90448f0f5839d9e1bcedd765ab0
SHA512

ddedff970025a4b70903048331d09a4ba63cdd632c48ccafdcbca1a70c10c5726d9cd092bc62dc0f618b267d55be928ec4517c45f779077c9018858ee7cb1e6e
SSDEEP

12288:xxG90JCBuKr9Zg7qTOYuNkU8+2hDLI5hDceDJPzSJ2tJJg3ai93f:x40JW/cqTOS9hG6eDJPzbtJJg3ai9P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Sprite.exe

Files

Sprite.exe
.exe windows:6 windows x86 arch:x86

fa54bcb5049756e0db86f90d3b29017e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\brayd\Desktop\supre\examples\example_win32_directx9\Release\example_win32_directx9.pdb

Imports

d3d9

Direct3DCreate9

kernel32

OpenProcess
GetTickCount
TerminateProcess
GetModuleFileNameW
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
CreateProcessW
CreateThread
GetModuleHandleW
GetCurrentProcess
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
GetLastError
QueryPerformanceFrequency
GetModuleFileNameA
GetProcAddress
LoadLibraryExA
FormatMessageA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcessId
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetSystemTimeAsFileTime
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
InitializeSListHead
FreeLibrary
GetCurrentThreadId
IsProcessorFeaturePresent

user32

DefWindowProcW
DestroyWindow
SendMessageW
FindWindowW
GetKeyState
CreateWindowExW
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
UnregisterClassW
RegisterClassExW
ShowWindow
GetWindowThreadProcessId
PeekMessageW
TranslateMessage
UpdateWindow
PostQuitMessage
ScreenToClient
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
DispatchMessageW

advapi32

GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord2
ord4

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
memset
strrchr
memchr
__std_exception_copy
longjmp
memcpy
strchr
memmove
strstr
__std_terminate
__CxxFrameHandler3
_setjmp3
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__p__commode
tmpnam
ungetc
tmpfile
setvbuf
fgets
_popen
_pclose
_ftelli64
_fseeki64
clearerr
ftell
__acrt_iob_func
fflush
fclose
__stdio_common_vfprintf
getc
freopen
fopen
ferror
feof
__stdio_common_vswprintf
fseek
fwrite
_set_fmode
_wfopen
__stdio_common_vsprintf
__stdio_common_vsscanf
fread

api-ms-win-crt-string-l1-1-0

isgraph
ispunct
islower
iscntrl
tolower
toupper
strncpy
isupper
isalpha
strncmp
strcpy_s
strpbrk
strspn
strcoll
isdigit
isspace
isxdigit
isalnum

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_wassert
system
__p___argv
_register_thread_local_exe_atexit_callback
terminate
__p___argc
_c_exit
_register_onexit_function
abort
_crt_atexit
_controlfp_s
_exit
strerror
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_errno
_invalid_parameter_noinfo_noreturn
_initterm
exit
_initialize_narrow_environment
_initterm_e

api-ms-win-crt-convert-l1-1-0

strtod
atof

api-ms-win-crt-time-l1-1-0

_difftime64
_gmtime64
_localtime64
_mktime64
_time64
strftime
clock

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
_configthreadlocale

api-ms-win-crt-math-l1-1-0

_CIatan2
__setusermatherr
_except1
_CIcosh
_libm_sse2_log_precise
_CIfmod
_libm_sse2_pow_precise
floor
_libm_sse2_sin_precise
frexp
_CIsinh
_CItanh
_libm_sse2_log10_precise
_libm_sse2_acos_precise
_libm_sse2_asin_precise
ldexp
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

remove
rename

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa54bcb5049756e0db86f90d3b29017e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

advapi32

imm32

xinput1_4

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 14KB