General

  • Target

    file.exe

  • Size

    1.4MB

  • Sample

    230111-n7116aca22

  • MD5

    2d3c621dd2915adefa35f835db942ad2

  • SHA1

    103d7c37df8f7eefb07a4254741808276b65d31d

  • SHA256

    08bc900536434cafecb4753148069a5dae967c77e30435d1b5bf954c2921e72d

  • SHA512

    ca9da6317f657f344e94793818fef46c5a9b7be9fbfedde46044bcc604aa941d5d2ec01566a088fe47bb377696ac52c56f72ed59c3af6140cbb254506f51b8fe

  • SSDEEP

    24576:q20I+6e83NExTTeFZeUMj9zk2uKVQw+0noyh0RpQEjKDgnJ3G+cTggXC75ld1qSA:q2883Na6I9/VLoy0RpQEjL03TQd1qapk

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
