General

  • Target

    file

  • Size

    2.3MB

  • Sample

    221216-vvc7wshh7x

  • MD5

    0875b50d2f4f73f1bbe4449ab3ea050c

  • SHA1

    d7d41ecee22a439a73145fc6b798d00a27f0688c

  • SHA256

    bb4271ea8a221a6b5fcdb1106cac0c14cd0b7e9942b8ed738489b1ce73fdb38c

  • SHA512

    c14ec9cf29648c20779aa6519f11e116ab87978be7b6b757b193418744ea546b79510300f5bb27cac7d0e4ddfff15e0d17088ba559d424f9e439ccc6cabbea27

  • SSDEEP

    49152:kp+eFNX7Xlpi8wzUVoo4UzhY6+R15nUiiG+5klhOq6U9PeOCgSY/imd:kphx6zoN97un4G+5k96gcY/imd

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
