General

  • Target

    file

  • Size

    367KB

  • Sample

    221005-qlnj2sede3

  • MD5

    89211f5f9092f9d78de071e5d29d9300

  • SHA1

    6a189bc431287ccea5600e3409c174027136322a

  • SHA256

    ffc415d99e35512b281f93eaa46055035efc1ee5635fec25b2c1ff1771374a68

  • SHA512

    9d0d3a0d3f8989df597e82f09a135c2e4a86dd579dd607eabe13a4a5962219e7ecd04c225824d21b17a68035e4d3264123ad7b30114d34cf7ce6f48a0bb38e78

  • SSDEEP

    6144:sm1kqMLjz7p9RxtvF4TfWerihaa3WWuzbgwuRgwVfU:smaqMXz7pr/F4Tfn+unnJ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file

    • Size

      367KB

    • MD5

      89211f5f9092f9d78de071e5d29d9300

    • SHA1

      6a189bc431287ccea5600e3409c174027136322a

    • SHA256

      ffc415d99e35512b281f93eaa46055035efc1ee5635fec25b2c1ff1771374a68

    • SHA512

      9d0d3a0d3f8989df597e82f09a135c2e4a86dd579dd607eabe13a4a5962219e7ecd04c225824d21b17a68035e4d3264123ad7b30114d34cf7ce6f48a0bb38e78

    • SSDEEP

      6144:sm1kqMLjz7p9RxtvF4TfWerihaa3WWuzbgwuRgwVfU:smaqMXz7pr/F4Tfn+unnJ

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
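
The following Python is an added triage helper, not part of the tria.ge report or of any Nymaim analysis. It takes the indicators listed above (the file hashes from the General section and the two C2 addresses from the Malware Config) and checks a file against them, looks for the public "AU3!EA06"/"AU3!EA05" marker that AutoIt v3 leaves in compiled scripts (an assumption about how to spot an "AutoIT Executable"; the report only states the classification), and flags proxy log lines that mention a C2 address. The sample bytes and the log lines are constructed for the example, and the log format is made up.

```python
"""IOC triage helpers built from the indicators in the report above (added example)."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass, field

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "89211f5f9092f9d78de071e5d29d9300",
    "sha1": "6a189bc431287ccea5600e3409c174027136322a",
    "sha256": "ffc415d99e35512b281f93eaa46055035efc1ee5635fec25b2c1ff1771374a68",
}
REPORT_C2 = {"208.67.104.97", "85.31.46.167"}

# Magic value AutoIt v3 embeds in compiled scripts (public knowledge, not from
# the report, which only classifies the sample as an AutoIT executable).
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")

# Dotted-quad candidates; ipaddress does the range validation afterwards.
IPV4_RE = re.compile(rb"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


@dataclass
class Findings:
    hash_matches: dict = field(default_factory=dict)
    autoit_compiled: bool = False
    c2_hits: set = field(default_factory=set)
    other_ips: set = field(default_factory=set)

    @property
    def matches_report(self) -> bool:
        return any(self.hash_matches.values())


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, so they can be compared 1:1."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def extract_ipv4(data: bytes) -> set:
    """Return globally routable IPv4 literals found in a byte blob."""
    found = set()
    for m in IPV4_RE.finditer(data):
        text = m.group().decode()
        try:
            ip = ipaddress.IPv4Address(text)
        except ValueError:
            continue  # e.g. "300.1.1.1": looks dotted but is not an address
        if ip.is_global:  # drop RFC1918, loopback, link-local etc.
            found.add(text)
    return found


def triage_sample(data: bytes) -> Findings:
    """Check a file's bytes against the report's hashes, marker and C2 list."""
    f = Findings()
    computed = hash_file_bytes(data)
    f.hash_matches = {n: computed[n] == REPORT_HASHES[n] for n in REPORT_HASHES}
    f.autoit_compiled = any(marker in data for marker in AUTOIT_MARKERS)
    ips = extract_ipv4(data)
    f.c2_hits = ips & REPORT_C2
    f.other_ips = ips - REPORT_C2
    return f


def scan_log_lines(lines) -> list:
    """Return (line_number, c2_ip) for every line that mentions a report C2 address."""
    hits = []
    for no, line in enumerate(lines, 1):
        for ip in sorted(extract_ipv4(line.encode()) & REPORT_C2):
            hits.append((no, ip))
    return hits


# Constructed stand-in for a binary: NOT the real sample, so its hashes will not
# match the report; it does carry the AutoIt marker, one C2 address and a
# private address that must be filtered out.
FAKE_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"AU3!EA06" + b"\x00" * 16
    + b"\x00208.67.104.97\x00"
    + b"\x0010.0.0.5\x00"
)

# Constructed proxy log lines; the format is invented for this example.
FAKE_LOG = [
    "2022-10-05T14:31:02Z host=WS-17 dst=85.31.46.167:80 method=POST bytes=412",
    "2022-10-05T14:31:09Z host=WS-17 dst=13.107.4.50:443 method=GET bytes=1290",
    "2022-10-05T14:32:11Z host=WS-22 dst=208.67.104.97:80 method=POST bytes=388",
]

if __name__ == "__main__":
    findings = triage_sample(FAKE_SAMPLE)
    print("hash matches:", findings.hash_matches)
    print("AutoIt compiled:", findings.autoit_compiled)
    print("C2 hits in file:", findings.c2_hits)
    print("C2 hits in log:", scan_log_lines(FAKE_LOG))
```

Because the report notes that legitimate hosting services are abused for hosting and C2, treat an IP hit as a lead to pivot on (time window, destination port, process) rather than a verdict on its own; the hash match is the only check here that identifies this exact file.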

MITRE ATT&CK Enterprise v6

Tasks