General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221228-gh1wjacf31

  • MD5

    73b70679bf81cb29bd71d63870d3b64b

  • SHA1

    57ed83403437cf7407c6bf03e3c8078e441d72d3

  • SHA256

    10ab4b67654b37c2b297fd0d3472d73ccf8d91965e9f3d92a3aeb7aaf716ce46

  • SHA512

    31794d2ca3259d4922e6e30b91a416c4c0d107968f31811d4c0528bdd4fde60e38cf4dc25b705df75f4a243123bb9abad1e59e8d6b1de7d5faa7670ab37f1088

  • SSDEEP

    49152:GivLILX/VVTccDekwGDMz6ihGqikpFZGUWJQNiNUDXKJ:Giv8LcyeT4MeihGqPUwA

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score

    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks