General

  • Target

    file.exe

  • Size

    1.3MB

  • Sample

    230111-ygys8aeb35

  • MD5

    c024b51ebbf15dc7b9941024b46a5a3c

  • SHA1

    0d2e1e2329b260a3d7b42d095d9efb6cc9c849a5

  • SHA256

    f0b800790d1a4184a24d5a562c0a762dab1907c098e50581fbda3f7ab51714e5

  • SHA512

    186a2596ac62a222cad713a925f66e250c5f381cffc5ba4e3ca19b75b3774ce25e38cf6c97ebbcd049454d8fb2b34fd0c1651ba5f0f383803014a8de014e8204

  • SSDEEP

    24576:q20IUAyFDO8sF4D8BV+UKxrxi3NAcI2ycWT697ILYgXC75ld1qSVpk:q2cFi8sioBIvl2TcHId1qapk

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks