General

  • Target

    file.exe

  • Size

    383KB

  • Sample

    220928-qb3wzsfhf9

  • MD5

    008dc116c576a3538c647b0efbc20796

  • SHA1

    db0b04c36811635417c219e21018fff436388727

  • SHA256

    87fb7e71af72e85768140a74401b51f4c494baab90bcae67567caab048a9fe4c

  • SHA512

    f111632eeb33a7bbeb1a48700d85efa3a33ac87f4ac24acf11e7bcf6b4620eb210caf1b5db6316967f27961d192b2ff9686bec8da92f09851761255db123dec1

  • SSDEEP

    6144:NFih4YFAtP+UMslYPBEWn3Um7NvYKRvDs60LTErlOigavwVfIx:NDltnxlYPB5VdR0LodRx

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks