Extracted

• • Target

    file.exe

  • Size

    367KB

  • MD5

    d465834946d95c701ae1fddd8deddd5c

  • SHA1

    69f3b9367326f3b18aa91cf5e204d7e5d38fabb5

  • SHA256

    e033f064dd36020f20138bbda42ea90096562216230e1d393edc7d588668efb9

  • SHA512

    89d50618ddcd7d1403905507826b606d8ddb811c69a5355adfb8b9cabf1006b3c96665320e95011213dcec7596715393bf55a891f195ead3a9de67696a7e59be

  • SSDEEP

    6144:sz7kqjLTCNIpwVdHGX26viuSHW6W8S+EsOop6Tuzbgwu+kwVfU:szQqj3CNIeVd1H59lZuunn5s

  Score

  10^/10

  nymaimtrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1behavioral2