General

  • Target

    file.exe

  • Size

    382KB

  • Sample

    220928-rvpzxahcdj

  • MD5

    52e69b7edf5b0262a1a4758ac1e6b5be

  • SHA1

    d528281b9bf09f76b06796a4152c458e0df3759e

  • SHA256

    e2a1eb1a796a01f682a93bbee4af254d89d14382099c56a8c0a5595d0b6e8600

  • SHA512

    584e5778766567a05379c382115bd3050893c1224cfeb0aac1c151b4de009e1c2fb806d9d9a5c4664768054bbd2ff2621353a0b0732512b8491be3657a97e91c

  • SSDEEP

    6144:NvhFH9U6Qi9A73lTTR0toQxRGw3IATtO6280bfJigavwVfIx:NpIiAmtoMn3I4tO60wRx

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks