General

  • Target

    file.exe

  • Size

    233KB

  • Sample

    221001-c5wg4sfcg2

  • MD5

    baaa42b5ffaf8677d448072bb24e7cab

  • SHA1

    893262be6a89b69b3349aa6870f76e338197ab55

  • SHA256

    fe58bd5ce6019c16eabf00bd9f624a5d32615c5c8ee45c4003b9ad0681f4fb1d

  • SHA512

    a0f343c0075646125b070d56445ac2067e6dfd3c7ac57cfe829a5f9f141dac0fb5f47bde15d4d60f222ebe1c523e15bc47c1360945ec1ed71ce12a12c8844914

  • SSDEEP

    3072:lRjGUO2EtwLPRP8lh0xXndX6HRhSONZR/i0OS1yJTXVUhK862H/IsrpkcWGzw78:DXywilhyXF5OTTEJTXVSK7sKcWGzw78

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks