General

  • Target: file
  • Size: 372KB
  • Sample: 220929-r7hrcscbej
  • MD5: c411621a8ed8a8a0a18417c692e4304c
  • SHA1: 09f078ef688e25bd0568d5b8e1a54e0a746a32f6
  • SHA256: 35751dcc5b2fb582a7769dee7f30010f29b715bde86770ee5ec7fc126add25f4
  • SHA512: 6ba773213084ddd4e1e0f10c35d186a7694595fac6b33e2a7ed89ffada21c97ac9c2f77d850481d5056d9e73fb406d537fee4689e75e8be609bef1225896c689
  • SSDEEP: 6144:6EHcfd9otBMFd9agH2wMdefzqmH82dBFY3kUWbuzbgwuO0r3WwVfge:6mcfd9oa9rHRMdef+mc2dfqqunnwra

Score
10/10

Malware Config

Extracted

Family: nymaim

C2:
  • 208.67.104.97
  • 85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks