General

  • Target

    file.exe

  • Size

    351KB

  • Sample

    221004-n6weaabbep

  • MD5

    b490e311bba3ab8d35bbf7ec292783c1

  • SHA1

    c307e3b9c95eb9ac14ffa22fced2e40c79467d46

  • SHA256

    f777b81185026eb4691eba7f4b28e727abc57d52338b6326e332314be20b213f

  • SHA512

    87751dd0f8b3de0bf41e82fba2e42f09dca01d9432ff09768a63ab26c1c7b148193cdc96a1cfcd5300c095aa05a4ce7da960c25e722e86a889f129684b9852ff

  • SSDEEP

    6144:6mu5LoJvLXycBOnZtlYxNkyU0phSRI+AAvWBBTF8+VSRfuzbgwuEpwVfU:6mSEJvbyZnTlYM0phSRNvOhF8SCunnjN

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks