mimikatz.exe

mimikatz

Benjamin Delpy

The application mimikatz.exe, “mimikatz for Windows” by Benjamin Delpy, has been detected as adware by 33 anti-malware scanners.
Publisher:
gentilkiwi (Benjamin DELPY)  (signed by Benjamin Delpy)

Product:
mimikatz

Description:
mimikatz for Windows

Version:
2.0.0.0

MD5:
cca2ba096d9b401e52db6ed0e309eda0

SHA-1:
08ec17fafd71acb3c82fa46ebd24eb093d368289

SHA-256:
9c109e81f6c6079edc574f3783c20253ff219df9150bbc1c19156d7913f56b1c

Scanner detections:
33 / 68

Status:
Adware

Analysis date:
4/25/2024 8:57:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11214630 | 549 |
| Agnitum Outpost | Exploit.Palsas | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Palsas | 15.08.04 |
| Avira AntiVirus | TR/Expl.Palsas.o.16 | 7.11.140.110 |
| Baidu Antivirus | Trojan.Win64.Palsas | 4.0.3.1584 |
| Bitdefender | Trojan.Generic.11214630 | 1.0.20.1080 |
| Comodo Security | UnclassifiedMalware | 18432 |
| Emsisoft Anti-Malware | Trojan.Generic.11214630 | 8.15.08.04.09 |
| ESET NOD32 | Win64/HackTool.Mimikatz | 9.9891 |
| Fortinet FortiGate | W32/Mimikatz.G!exploit | 8/4/2015 |
| F-Prot | W32/Mimikatz.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11214630 | 11.2015-04-08_3 |
| G Data | Trojan.Generic.11214630 | 15.8.24 |
| IKARUS anti.virus | Exploit.Win32.Palsas | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12101 |
| Kaspersky | HackTool.Win32.Mimikatz | 14.0.0.1631 |
| McAfee | HTool-Mimikatz!CCA2BA096D9B | 5600.6683 |
| MicroWorld eScan | Trojan.Generic.11214630 | 16.0.0.648 |
| NANO AntiVirus | Exploit.Win64.Palsas.cyqvgd | 0.28.0.60100 |
| Norman | Mikatz.CERT | 11.20150804 |
| nProtect | Trojan.Generic.11214630 | 14.06.04.01 |
| Panda Antivirus | Trj/CI.A | 15.08.04.09 |
| Qihoo 360 Security | Win32/Trojan.Exploit.30a | 1.0.0.1015 |
| Quick Heal | Exploit.Palsas.r5 (Not a Virus) | 8.15.14.00 |
| Reason Heuristics | PUP.BenjaminDelpy (M) | 15.8.4.21 |
| Sophos | Mimikatz Exploit Utility | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Suspicious | 9711 |
| Trend Micro House Call | TROJ_GEN.F47V0304 | 7.2.216 |
| Trend Micro | HKTL_MIMIKATZ | 10.465.04 |
| Vba32 AntiVirus | Exploit.Palsas.o | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29926 |
| ViRobot | Trojan.Win32.S.Agent.189936.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Exploit.Palsas.Win32.10 | 2.0.0.1790 |

File size:
198.7 KB (203,456 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY)

Original file name:
mimikatz.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mimikatz_trunk\x64\mimikatz.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/28/2011 5:46:16 AM

Valid to:
6/28/2014 5:46:16 AM

Subject:
CN=Benjamin Delpy, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169417A1C3EF46A301F99385F50680FA0

File PE Metadata
Compilation timestamp:
3/2/2014 4:45:02 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:jl8ByNoGeKfM30uYa5erzBsn2eIIWQ+GxKPrkWFEkIzeG7K5hNnoIUsglDQj5Y:KyNoW03A5Y

Entry address:
0x13EFC

Entry point:
48, 83, EC, 28, E8, E3, 34, 00, 00, 48, 83, C4, 28, E9, 6E, FD, FF, FF, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 0D, 88, 01, 00, FF, 15, 0F, 65, 00, 00, 4C, 8B, 1D, F8, 88, 01, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 59, 55, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, B8, 87, 01, 00, 48, 89, 44, 24...
 

Entropy:
5.9490

Code size:
97.5 KB (99,840 bytes)
