Extracted

• • Target

    file.exe

  • Size

    258KB

  • MD5

    1e5f9d2f2e43d61295bc8c57b159560d

  • SHA1

    b8c85ad540fe60417d5aa0600fcb9b0d76e401b5

  • SHA256

    ebc1471ed86d604d2af9cb52e890145c49fe664fc55b952db1863e564c23cb92

  • SHA512

    c4e0acbd4e886291d3325e323a496fb2284a5e7729c98fb3d3edabd1875e86c10454ab0d090f257c5b93a8a9cc5797dbad44e0416619bbaf03f5feb353067521

  • SSDEEP

    3072:tWu/aEcW4F8z5YzfEi6XsaIcqJT/SqACRodbzpFu6mS6qTY7xMElBXsud5x:f8JzfEi6XEXTqYo1NcLqTYNx

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2