Extracted

• • Target

    file.exe

  • Size

    1.3MB

  • MD5

    6ae0d18d5800d1c07ea7489917b60d91

  • SHA1

    3260602c0d1ecac68838cdffd90a8a6fbfa65448

  • SHA256

    b2048219ca9ec58e36499f7159bf02f89f5a8ea2d022cd4eecf98ce502fccda3

  • SHA512

    bdf2a4c016817d9a1209717fa9ed43792ae28b678aaa0deeb6cf7e060d37a9d1b6f2fd5ff76a287a6cd7be45183631416987885eb356d174141ebb0a9c07d96a

  • SSDEEP

    24576:Niz30baNb6apeoicRhFncVXAehrdRm91Z5Zkmh4zgZIY7eCLxYiO:myaNb6apzRncVXPhZRMVhvNeViO

  Score

  10^/10

  nymaimdiscoverytrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2