Extracted

• • Target

    file

  • Size

    230KB

  • MD5

    f93d35285e603458ae3ed246c5f36d44

  • SHA1

    7308791b9f03c40eda18a04482a2ad8b662ee48a

  • SHA256

    8442fdf6299b1bbb27e3219d204ab6ff2cf1575a9552b54e2f4631d712655dae

  • SHA512

    3450d96d6a99a09395236e3b53d328bf9d4700897ccd0af544ba223e6b3e7b1cd6559834830d882f3e3c0647b39af9a412d16f2fbc5728cf2fb8ab11752d02c8

  • SSDEEP

    3072:DRmtU740Oul8RNrtaq/va09BTzPxDTOPv7K6ci2VM+HHtntwHOUtDRVLTj4ggYzh:U0Of/XlxfDxHM+HNn6HOMV0qisxA07

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2