Extracted

• • Target

    file

  • Size

    288KB

  • MD5

    cd20b120a8696e6aefe6410f2c96e971

  • SHA1

    bed483f25a1e0d957d7fe7947d0165c1aa0449d0

  • SHA256

    146657b5b652336f4363d5a5d55173981c3dabfa0b2aa01b15c8db312f2c206f

  • SHA512

    cd558693824acfe8ba9987c44cc10bdf586fc704f46c6ce6f1d9d88517a57b11d3531f742df913927e68874ef5ad0120703a0f24783137dbf68d820310d6e1ba

  • SSDEEP

    3072:FwOW4Jn9LRbtElI85BxP9Jn5Mqs3kNszrkpLOWYYIRxQMKezfCyYF3pTKSeTwXUk:FrF9LUlzxbnGRILVMKcfC53poMX

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2