» mimidrv.sys
Overview
Analysis
File Details

mimidrv.sys

mimidrv (mimikatz)

Benjamin Delpy

The file mimidrv.sys, “mimidrv for Windows (mimikatz)” by Benjamin Delpy has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

File name:

mimidrv.sys

Publisher:

gentilkiwi (Benjamin DELPY) (signed by Benjamin Delpy)

Product:

mimidrv (mimikatz)

Description:

mimidrv for Windows (mimikatz)

Version:

2.0.0.0

MD5:

6a951723cafa60a70332d3ad41de7627

SHA-1:

8e8bd9ccba8b5e25fbf3fa9d0e8eafaacef85e74

SHA-256:

6b3d80883ba4a8a11fdad0f6ff2b9a1b7ebea6067ce9083ac91343e429cdf40c

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/24/2024 6:38:36 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.11.2

File size:

35.9 KB (36,736 bytes)

Product version:

2.0.0.0

Original file name:

mimidrv.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\x64\mimidrv.sys

Digital Signature

Signed by:

Benjamin Delpy

Authority:

GlobalSign nv-sa

Valid from:

6/28/2011 5:46:16 AM

Valid to:

6/28/2014 5:46:16 AM

Subject:

CN=Benjamin Delpy, C=FR

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112169417A1C3EF46A301F99385F50680FA0

File PE Metadata

Compilation timestamp:

7/27/2015 2:40:01 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

Entry address:

0xA064

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, D6, 71, FF, FF, CC, CC, F0, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, A5, 00, 00, 30, 50, 00, 00, C0, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, A5, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 76, A5, 00, 00, 00, 00, 00, 00, 5E, A5, 00, 00, 00, 00, 00, 00, 48, A5, 00, 00, 00, 00, 00, 00, 30, A5, 00, 00, 00, 00, 00, 00, 90, A5, 00, 00... 
[+]

Entropy:

5.8283

Code size:

16.5 KB (16,896 bytes)

Remove mimidrv.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.