The Nidavellir Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

The Nidavellir Launcher.exe
Size

16.3MB
MD5

0b1fc93e6edb1b1f89b5f9f469fdf7fd
SHA1

bd3be68f35bcf44674e419ea03f6e94134ad3867
SHA256

48bb5846742f43c62bd37950de6875d043a1b6db5f831dc8d733510a3553eae6
SHA512

bb9d9e03ea087aa517a18bafa97aafc5c9bb1087e19ab84acc279ede4fe5397ee65803e2f5c320df206804dc78228289978d6cbb5fafb923c3f6389bc22b7db6
SSDEEP

393216:XoKr4AxNvNihp6Gv+TENDp1KPVjoRgtX8dE:4ctehE2Jp1CQgp8e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
The Nidavellir Launcher.exe

Files

The Nidavellir Launcher.exe
.exe windows:6 windows x64 arch:x64

f80d99db12bf5663d08cc4c5494aedf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

CreateNamedPipeA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

UpdateWindow

gdi32

GetDeviceCaps

shell32

ShellExecuteA

ole32

CoInitializeSecurity

oleaut32

SysFreeString

msvcp140

?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z

urlmon

URLDownloadToFileA

imm32

ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

bcrypt

BCryptCloseAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException

api-ms-win-crt-heap-l1-1-0

_aligned_malloc

api-ms-win-crt-runtime-l1-1-0

_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

acosf

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.G^>
Size: - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.~x^
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zbo
Size: 16.3MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f80d99db12bf5663d08cc4c5494aedf8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

d3d11

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcp140

urlmon

imm32

d3dcompiler_47

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 709KB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 165KB

.pdata Size: - Virtual size: 32KB

.G^> Size: - Virtual size: 10.6MB

.~x^ Size: 5KB - Virtual size: 4KB

.zbo Size: 16.3MB - Virtual size: 16.3MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 709KB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 165KB

.pdata
Size: - Virtual size: 32KB

.G^>
Size: - Virtual size: 10.6MB

.~x^
Size: 5KB - Virtual size: 4KB

.zbo
Size: 16.3MB - Virtual size: 16.3MB

.rsrc
Size: 512B - Virtual size: 480B