Extracted

• • Target

    file.exe

  • Size

    1.3MB

  • MD5

    d39e26d541f4f311d0d0a32c05852443

  • SHA1

    304c97424e7bde8c7441fe6d9192ab59b9f5cf68

  • SHA256

    8d94bbdf7edaafac141e38144cd359a7079da0222f8d3c3b5de585ce31f3c684

  • SHA512

    ff0a2ca723d996b4bba1d3e94612f6fd3406e041192cd7671396b071de1267d5c307327747eb014693561fa0dae125410f6c5bc8d75a9955baad4335dad60b05

  • SSDEEP

    24576:g20hhVhqnmDqaUrw0esTKZpLXnnBmcud7VS1zyDtSDYf+kATuCqtn/:g2QV6HLzWZJ3nBek1zyDtOkATuCE/

  Score

  10^/10

  nymaimdiscoverytrojan

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2