mimidrv.sys

mimidrv (mimikatz)

Benjamin Delpy

The file mimidrv.sys, “mimidrv for Windows (mimikatz)” by Benjamin Delpy, has been detected as adware by 31 anti-malware scanners.
Publisher:
gentilkiwi (Benjamin DELPY) (signed by Benjamin Delpy)

Product:
mimidrv (mimikatz)

Description:
mimidrv for Windows (mimikatz)

Version:
2.0.0.0

MD5:
ba75817e2fa4797fa3964d8fe20f875a

SHA-1:
dfcf0ba9fb7ffd529030bceffde4a5ebccdbb776

SHA-256:
0d8dc11d838d69fe1685da5e57f90926d04286976396f06970e2c913658444d3

Scanner detections:
31 / 68

Status:
Adware

Analysis date:
4/20/2024 1:07:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.HackTool.Mimikatz.C | 549 |
| Agnitum Outpost | Riskware.HackTool | 7.1.1 |
| AhnLab V3 Security | HackTool/Win32.Mimikatz | 15.08.04 |
| Avira AntiVirus | TR/Spy.Mimikatz.A.1 | 7.11.218.116 |
| avast! | Win32:Mimikatz-A [Tool] | 2014.9-150804 |
| Bitdefender | Application.HackTool.Mimikatz.C | 1.0.20.1080 |
| Comodo Security | UnclassifiedMalware | 21362 |
| Emsisoft Anti-Malware | Trojan.Generic.12371118 | 8.15.08.04.09 |
| ESET NOD32 | Win32/HackTool.Mimikatz | 9.9540 |
| Fortinet FortiGate | W32/Palsas.M!exploit | 8/4/2015 |
| F-Prot | W32/Mimikatz.A.gen | v6.4.7.1.166 |
| F-Secure | Application.HackTool.Mimikatz | 11.2015-04-08_3 |
| G Data | Application.HackTool.Mimikatz | 15.8.25 |
| IKARUS anti.virus | Exploit.Win32.Palsas | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11436 |
| Kaspersky | Exploit.Win32.Palsas | 14.0.0.1631 |
| McAfee | HTool-Mimikatz!BA75817E2FA4 | 5600.6683 |
| MicroWorld eScan | Application.HackTool.Mimikatz.C | 16.0.0.648 |
| NANO AntiVirus | Trojan.Win32.Mimikatz.dmjscw | 0.30.8.659 |
| Norman | Mikatz.CERT | 11.20150804 |
| nProtect | Trojan/W32.HackTool.29568 | 15.03.19.01 |
| Panda Antivirus | Trj/CI.A | 15.08.04.09 |
| Qihoo 360 Security | Win32/Trojan.Exploit.84b | 1.0.0.1015 |
| Quick Heal | Exploit.Win64.r8 (Not a Virus) | 8.15.14.00 |
| Reason Heuristics | PUP.BenjaminDelpy (M) | 15.8.4.21 |
| Rising Antivirus | PE:Trojan.Win32.Generic.17DFAF73!400535411 | 23.00.65.15802 |
| Sophos | Generic PUA NP | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0304 | 7.2.216 |
| Trend Micro | HKTL_MIKATZ | 10.465.04 |
| Vba32 AntiVirus | Exploit.Palsas | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27358 |

File size:
26.6 KB (27,224 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY)

Original file name:
mimidrv.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mimikatz_trunk\win32\mimidrv.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/28/2011 5:46:16 AM

Valid to:
6/28/2014 5:46:16 AM

Subject:
CN=Benjamin Delpy, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169417A1C3EF46A301F99385F50680FA0

File PE Metadata
Compilation timestamp:
3/2/2014 4:45:05 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:faer1+IqCG4m883/HUlf8WyzH3t4SF46aD+dlJpTiIKVnVYEHiw8dUb+g8:fxi4PDyz3p46aD+dlJ19WVHCOig8

Entry address:
0x603E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 98, B4, FF, FF, CC, CC, A4, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, 63, 00, 00, 18, 30, 00, 00, 8C, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 66, 64, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 36, 64, 00, 00, 1E, 64, 00, 00, 02, 64, 00, 00, EA, 63, 00, 00, 50, 64, 00, 00, 00, 00, 00, 00, A0, 61, 00, 00, AE, 61, 00, 00, C6, 61, 00, 00, D8, 61, 00, 00, F2, 61, 00, 00, 0A, 62, 00, 00, 28, 62...

Entropy:
6.0460

Code size:
10.5 KB (10,752 bytes)
