General

  • Target: file.exe
  • Size: 229KB
  • Sample: 220930-yw5kbaefd2
  • MD5: ee681ff8a455d5e1f057de0f0d887b2f
  • SHA1: b9baec15bdf4c01ff6b2f8fbc94f9de59d358841
  • SHA256: 6a0077d90d64ead80108d4966c919112c787a5a13036099b36bc82759f7a1133
  • SHA512: e79a88290009f0de7f1728802b03481865d1b58448a1537cc8bbaf5c4f322439dddbecf04751bd25c31120fe8e246f0b7f5d295fe5b90908c56f673e7e083c7e
  • SSDEEP: 3072:9zR1kwKU1+Vg1s3g7EFC2ChKMiY6MqdRsO1VmkkDBWQZgdPJNL0NkHVUTnfgtEZN:933nVrOnmLW9dxNl1QnfgGZBgI9xcNG
  • Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 208.67.104.97, 85.31.46.167

Targets

    • NyMaim
      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Loads dropped DLL
    • Legitimate hosting services abused for malware hosting/C2
