Extracted

• • Target

    file.exe

  • Size

    1.4MB

  • MD5

    1b1e74381d2c0a6455412ded11651abc

  • SHA1

    ef41d98690bd21fde5776b73b0ba11e0a87d53e5

  • SHA256

    139ea83b0623b718a68232eb8a32bae2bec5d244f00302a2478339b5c8d8d9bc

  • SHA512

    03c01d36e7c865931bc82afacb0ed75ad8e496c0623de705e407cca161aa200ff826a2dc99b2ae9281bfcc288a0a7184fb58bd772784388f4cb26457696cb503

  • SSDEEP

    24576:tizxwTIdOSdnWpUfPWJsK6mrSN7d4r3uJZkLyr9LdxbvDGYgZIY7eCLxYio:GxwxeaKuQBM+AgvxbriNeVio

  Score

  10^/10

  nymaimdiscoverytrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2