Extracted

• • Target

    file.exe

  • Size

    234KB

  • MD5

    ee4526e45c28b3036d8adb9b80db1b77

  • SHA1

    85969740f02c67d9819108fe6a5018b368f79448

  • SHA256

    b621e0c6e44f4afbe00918c557aee2b97929cfdafc57bd9d8830fd521760e03a

  • SHA512

    c346e685b473abb1cb6d1e5e99e13cbb6928db5b62a42548f3cdd40a3fb062bdf202145bead39a4aebf7fcdfa022764338f917f144e93adbb97a12c56019ba90

  • SSDEEP

    3072:whDazUGRPMlQtN35IazNjEdbn5pysIDN3R2PXks1/5sajthRefykmdo:/zLMlQdzSdb9sI0s17hRvO

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2