General

  • Target

    file.exe

  • Size

    353KB

  • Sample

    221004-wyrecscbap

  • MD5

    b90bf592eb12ad336d85227381f6cd97

  • SHA1

    3e89a8b2cd8a7c1168b698027570dbaf4324cd36

  • SHA256

    4098ed30f5e2a1d453182391fcef81703351574f6c286ac4308bf0be675de907

  • SHA512

    af580dbf51df295bb5078126c062cc6dc4e8027fccc7cbb7b61c5df17a5c15c1321d43be4136dd43f75a2ad7d256cd46b7893b4af9171875c4e999921b7a5772

  • SSDEEP

    6144:B4J7ELi+hv99zL+bp1Cf0pgseVPlloeYbr/uzbgwuxc1wVf:2Cm+hv99XGw+gs8P4jHunnqc

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167
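An added example, not part of the sandbox report: a small Python IOC matcher built from the indicators listed above. It hashes a file with the four digests the report gives and compares them case-insensitively (EDR and AV consoles often print hex in uppercase), scans log lines for the two C2 addresses with IP boundaries so that 185.31.46.167 does not count as a hit for 85.31.46.167, and cross-checks the reported ssdeep block size against the reported file size, which catches a mismatched size/ssdeep pair in a copied IOC set. The firewall log lines are constructed, and the 353KB size is converted with an assumed 1 KB = 1024 bytes since the report does not give an exact byte count.

```python
"""IOC matcher for the nymaim sample described in this report (added example)."""
import hashlib
import re
import sys
from typing import Iterable

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "b90bf592eb12ad336d85227381f6cd97",
    "sha1": "3e89a8b2cd8a7c1168b698027570dbaf4324cd36",
    "sha256": "4098ed30f5e2a1d453182391fcef81703351574f6c286ac4308bf0be675de907",
    "sha512": "af580dbf51df295bb5078126c062cc6dc4e8027fccc7cbb7b61c5df17a5c15c1321d43be4136dd43f75a2ad7d256cd46b7893b4af9171875c4e999921b7a5772",
}
REPORT_SSDEEP = "6144:B4J7ELi+hv99zL+bp1Cf0pgseVPlloeYbr/uzbgwuxc1wVf:2Cm+hv99XGw+gs8P4jHunnqc"
REPORT_SIZE_BYTES = 353 * 1024  # report says 353KB; assumption: 1 KB = 1024 bytes
C2_ADDRESSES = ("208.67.104.97", "85.31.46.167")


def _new_digests() -> dict:
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def hash_bytes(data: bytes) -> dict:
    """All four digests the report lists, as lowercase hex."""
    digests = _new_digests()
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four digests without loading it whole."""
    digests = _new_digests()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(hashes: dict) -> dict:
    """Compare any subset of computed hashes with the report's values.

    Input is normalized to lowercase because consoles often print uppercase hex;
    unknown hash names are ignored rather than treated as mismatches.
    """
    return {name: value.strip().lower() == REPORT_HASHES[name]
            for name, value in hashes.items() if name in REPORT_HASHES}


# IPv4 boundaries: the address must not be preceded or followed by a digit or dot,
# so 185.31.46.167 and 208.67.104.971 are not reported as C2 hits.
_C2_RE = re.compile(r"(?<![\d.])(" + "|".join(re.escape(ip) for ip in C2_ADDRESSES) + r")(?![\d.])")


def find_c2_hits(lines: Iterable[str]) -> list:
    """Return (line_number, c2_address) for every C2 occurrence in the log lines."""
    return [(n, m.group(1)) for n, line in enumerate(lines, 1) for m in _C2_RE.finditer(line)]


# Constructed firewall log lines for demonstration; not taken from the report.
SAMPLE_LOG = [
    "2022-10-04T13:01:11Z allow tcp 10.0.0.15:49812 -> 208.67.104.97:80",
    "2022-10-04T13:01:12Z allow tcp 10.0.0.15:49813 -> 208.67.104.971:80",
    "2022-10-04T13:01:13Z deny  tcp 10.0.0.22:50110 -> 85.31.46.167:443",
    "2022-10-04T13:01:14Z allow udp 10.0.0.15:53 -> 185.31.46.167:53",
]

SPAMSUM_LENGTH = 64  # ssdeep digest length; the block size is picked so size / block_size fits in it


def expected_ssdeep_blocksize(size_bytes: int) -> int:
    """ssdeep's initial block size: the smallest 3 * 2**n with block_size * 64 >= size."""
    bs = 3
    while bs * SPAMSUM_LENGTH < size_bytes:
        bs *= 2
    return bs


def ssdeep_blocksize_consistent(ssdeep_hash: str, size_bytes: int) -> bool:
    """Sanity check that a reported ssdeep block size is plausible for a reported size.

    The block size must be 3 * 2**n and no larger than the initial guess; ssdeep
    only ever lowers it (when the digest comes out too short), never raises it.
    """
    parts = ssdeep_hash.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        return False
    bs = int(parts[0])
    if bs % 3 or (bs // 3) & (bs // 3 - 1):
        return False
    return bs <= expected_ssdeep_blocksize(size_bytes)


if __name__ == "__main__":
    # Usage: python ioc_match.py <file>  (compares the file's hashes with the report)
    if len(sys.argv) > 1:
        print(matches_report(hash_file(sys.argv[1])))
    print("C2 hits in sample log:", find_c2_hits(SAMPLE_LOG))
    print("ssdeep block size consistent with 353KB:",
          ssdeep_blocksize_consistent(REPORT_SSDEEP, REPORT_SIZE_BYTES))
```

The ssdeep check is only a necessary condition; comparing the fuzzy hash itself against another sample needs the ssdeep library, which is deliberately not used here so the script runs offline with the standard library alone.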

Targets

    • Target

      file.exe

    • Size

      353KB

    • MD5

      b90bf592eb12ad336d85227381f6cd97

    • SHA1

      3e89a8b2cd8a7c1168b698027570dbaf4324cd36

    • SHA256

      4098ed30f5e2a1d453182391fcef81703351574f6c286ac4308bf0be675de907

    • SHA512

      af580dbf51df295bb5078126c062cc6dc4e8027fccc7cbb7b61c5df17a5c15c1321d43be4136dd43f75a2ad7d256cd46b7893b4af9171875c4e999921b7a5772

    • SSDEEP

      6144:B4J7ELi+hv99zL+bp1Cf0pgseVPlloeYbr/uzbgwuxc1wVf:2Cm+hv99XGw+gs8P4jHunnqc

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      An AutoIT script compiled into a PE executable.

MITRE ATT&CK Enterprise v6

Tasks