General

  • Target

    file.exe

  • Size

    367KB

  • Sample

    221005-rq9thseeg2

  • MD5

    982dfe78c887d6847e23cd66b5890eb2

  • SHA1

    5cd988466b7a04af5518ff3dd82fb4eac7f5b1fc

  • SHA256

    bd1a106f31d53c6ed9018a5e121f63e32b8f8603d56850ea224bdd6fd0b9ba07

  • SHA512

    6b8cf9f2b2d4d633c2523fe79e0a9c2311910053e3ed6905ae6bfbf14c6296beb0f93cff96493f6672260ed3cc053deb5b4bcd4d058f873e77ef9c7f374b455b

  • SSDEEP

    6144:saokqyCLuAS7JvhlWjqCijitPLBaaXsDf/XSR0nN3WvNJKpcFmuzbgwuMT1LKZEN:sajqyCCAS7YRiYFcDf/XSR05oNJKBunh

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      367KB

    Score
    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks