General

  • Target: file.exe
  • Size: 2.6MB
  • Sample: 221012-q6dkksebf3
  • MD5: 4375eb9b85b6d5b113153568f9d56f43
  • SHA1: 0c4c1f199f81f48395e2c80018a0e8717dcdd80d
  • SHA256: 60ac20a2abc9241fce627496d762f97f630b4bdf955419298cdd6bf77900029c
  • SHA512: 4f1a5557fc32d87a422c290a12a8f419d2d6715b1c9fa37f99c9e4ee585379380ebd8621657d0d3606e2939a67ce359367c1c0f3518f20e0eb30c34bdc4d20f5
  • SSDEEP: 49152:Z2xYfi/FZWIfiHV9/cchwEieItA4be21QRHY/YSrmSK0UlnUDfUUp0HSA5hq:MBFZS16c+E2a4fCRHksUDfUJDq

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.15.156.54
  • C2: 85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
