Extracted

• • Target

    file.exe

  • Size

    241KB

  • MD5

    24b1afd64e5fd5f86d706c3b128ac53f

  • SHA1

    e348fb12db1c53d9cb4c12c32d4e37f6e664a95b

  • SHA256

    c9208801f999bb656711a5b2ff74fb074fc323974735ce6323ef407e5b50cf3e

  • SHA512

    599f64e22ce9fabe375b03a6c7dc8d9238fbca7ac596baa695dec68961669166bd0e00857b7f52d4ff309769c8140df819ad4a7ce1aabb4b0abd7038a15866df

  • SSDEEP

    3072:sVuQiaOTF5yAuMf8v/K4/fgMUDj/bJIOA6iOMDoNqvWo17ymCPV7jBrz5B:Ci1f8vSMBSj/bJrMkNcL1IdZ

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2