Extracted

• • Target

    file

  • Size

    284KB

  • MD5

    5cd9388b0e60981c36bc0553a1ca540a

  • SHA1

    3227b002a4f6b6e0b1962ca395133b1dc8c77e84

  • SHA256

    4ccaf0fd0ebf9417aae0e341166b21f3429908e3710d1c745344c399893cb669

  • SHA512

    7d820dc13a8d8ca8d4798038b1d94122615c5b5f413f9c5de41eb2692ed0a512a6266751d12e8084b20f06ccc7e44f374f471a746c20287a98218b3a357126cc

  • SSDEEP

    3072:FJOaLxo02cb5wPpkxYlpkqYSegeCgdLQjNHg7RA+zVRCnWPaVZdiuhz82Dk+Exx1:fLd2VBl3HgNQjF+zV8WPG5Fw+qx32AY

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2