General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    221227-e6hzhshd9w

  • MD5

    f7c0326793465619ece15ae1f5809fa2

  • SHA1

    3183245da3a06712cfd4beafe39fdde12efe3d5a

  • SHA256

    6502478e95ad00c37bcba9820c2e43d62d7408b583e4f97fdc81f0ca85030873

  • SHA512

    294457f7e86ca5a3448f90e2f94422a7187cc16e4a509cc57320cdc40bca69c9b604771e252a10a74ec12d77f365c9b0f31b2fe444a76f4b9ce7bd4c3c11cab1

  • SSDEEP

    49152:0VqfC8dwexVHEcq3YzKvlTndv6nMkAgvJ4J76aS0qPh:0YfC8dZREK86nMkzEutZ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
