General

  • Target

    file.exe

  • Size

    367KB

  • Sample

    221005-sk614seff7

  • MD5

    a65f292880c2e8eb18d8b3f8686c9ed6

  • SHA1

    22cda93e3435130c76e5afb591815b1e67d9eb50

  • SHA256

    a120a87049bbc78fe6651ee4b9602c5cc05666e1a7db4ac8e53c0ecbc2fd06e7

  • SHA512

    518153a542e15e589d51172ea53ab1e8bb502f14526175e60461a4f17bc1ae58507c5f1433e9d2bfb5164c6caabbabd0d17602eb5870f76faeb4c1b9c145d3a4

  • SSDEEP

    6144:sRFGKkqeLCPp0Cz2nx14kr26ZAE+q67xrc49sFpYUuzbgwuhvbAwwVfU:sRoqe2Pp0CCnxHr2xE+q74Opunnm8Y

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks