Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    4177d8b0feae750bb3406cf8ab0a264f

  • SHA1

    106a7e64cef5de519c3249ed6e9f391326e80c93

  • SHA256

    f9e28020855db773f7cc0854193b1b4fce3cf9ea9c2969e73dbd3ed65248ae28

  • SHA512

    e8915cb291408102c0309562efe1cbf3dd2bbc1b2636c9614f02e65c67974c91e6cbf45c4fe915e4a6829ec728bdb8ed2abeea8773a4a3254dbc05ff00ccaa68

  • SSDEEP

    49152:b0XFpy46uVL6LOWMDtKkvSWAwCz1JubFbst6nWP7p3r:b8p/YMDLN2JQsAnGdr

  Score

  10^/10

  nymaimdiscoverytrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2