General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221218-rk413scc89

  • MD5

    3a1177cc5b782468ca99e210ff396bfb

  • SHA1

    65ea51bb1155b63c0ea7abeddde3e8ece10c8ee6

  • SHA256

    1a5f8037808326329b5f35222701f3b138cc743dbda0a73e0933805afd4c3923

  • SHA512

    9a795cc44d699cad3152b5fd87f749333f5d05509eacda42fe7ce03302cdb33b15961505dbe6cebc088afcbcbb741e2f30412c116ac15a2f02e53aade256fee1

  • SSDEEP

    49152:50PBpTzM4NkP0WH+0HDDLJntOItDrj/Rn0ZxY6mqPYTg7O/d3HF:50PBp8ykPP+0HDXR7tDn/R0bP3PlQl

Score
10/10

Malware Config

Extracted

  • Family

    nymaim

  • C2

    45.139.105.171
    85.31.46.167

Targets

    • NyMaim

      NyMaim is a C++ malware family with various capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
