mimikatz.exe

mimikatz

Benjamin Delpy

The application mimikatz.exe, “mimikatz for Windows” by Benjamin Delpy, has been detected as adware by 36 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
gentilkiwi (Benjamin DELPY)  (signed by Benjamin Delpy)

Product:
mimikatz

Description:
mimikatz for Windows

Version:
2.0.0.0

MD5:
755b4f09cee4944807189d106516ae95

SHA-1:
924e5b8adb9c507d06ad1de3ea63a62d8e478637

SHA-256:
f8b953b22cf73491d6f41460ff16c5f766f1fe1ea6a95e78a50825ae6505628a

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
4/26/2024 5:09:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11157218 | 471 |
| Agnitum Outpost | Exploit.Palsas | 7.1.1 |
| AhnLab V3 Security | HackTool/Win32.Mimikatz | 2015.09.22 |
| Avira AntiVirus | SPR/Hacktool.160448 | 8.3.2.2 |
| AVG | Exploit | 2016.0.2949 |
| Baidu Antivirus | Trojan.Win64.Palsas | 4.0.3.151021 |
| Bitdefender | Trojan.Generic.11157218 | 1.0.20.1470 |
| Comodo Security | UnclassifiedMalware | 23278 |
| Emsisoft Anti-Malware | Trojan.Generic.11157218 | 8.15.10.21.11 |
| ESET NOD32 | Win64/HackTool.Mimikatz.H potentially unsafe (variant) | 9.12287 |
| Fortinet FortiGate | W32/Mimikatz.G!exploit | 10/21/2015 |
| F-Prot | W32/Mimikatz.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11157218 | 11.2015-21-10_4 |
| G Data | Win64.Application.Agent.FR2CWG | 15.10.25 |
| IKARUS anti.virus | Exploit.Win32.Palsas | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.210.17281 |
| Kaspersky | HackTool.Win32.Mimikatz | 14.0.0.1240 |
| McAfee | HTool-Mimikatz | 5600.6605 |
| Microsoft Security Essentials | HackTool:Win64/Mikatz | 1.1.12101.0 |
| MicroWorld eScan | Trojan.Generic.11157218 | 16.0.0.882 |
| NANO AntiVirus | Exploit.Win64.Palsas.cxiisl | 0.30.24.3283 |
| Norman | Mikatz.CERT | 11.20151021 |
| nProtect | Trojan.Generic.11157218 | 14.05.15.01 |
| Panda Antivirus | Trj/CI.A | 15.10.21.11 |
| Qihoo 360 Security | Win32/Trojan.Exploit.30a | 1.0.0.1015 |
| Quick Heal | HackTool.Mimikatz.r6 (Not a Virus) | 10.15.14.00 |
| Reason Heuristics | PUP.BenjaminDelpy (M) | 15.10.21.23 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D[F1] | 23.00.65.151019 |
| Sophos | Mimikatz Exploit Utility (PUA) | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Suspicious | 9555 |
| Trend Micro House Call | HKTL_MIMIKATZ | 7.2.294 |
| Trend Micro | TROJ_GEN.R047C0EES15 | 10.465.21 |
| Vba32 AntiVirus | Exploit.Palsas | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43940 |
| ViRobot | Trojan.Win32.S.Agent.189936.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Tool.Mimikatz.Win32.147 | 2.0.0.2408 |

File size:
156.7 KB (160,448 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (c) 2007 - 2013 gentilkiwi (Benjamin DELPY)

Original file name:
mimikatz.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\x64\mimikatz.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/28/2011 2:46:16 AM

Valid to:
6/28/2014 2:46:16 AM

Subject:
CN=Benjamin Delpy, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169417A1C3EF46A301F99385F50680FA0

File PE Metadata
Compilation timestamp:
10/29/2013 3:02:26 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:LJH7bPKP1WdgaytYenIWh+GzXgUkIzeG7K5hYle0+ZUsNlDQjiv:LZmtWUYZQiv

Entry address:
0xE478

Entry point:
48, 83, EC, 28, E8, EB, 27, 00, 00, 48, 83, C4, 28, E9, 6E, FD, FF, FF, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 31, 40, 01, 00, FF, 15, 0B, 4F, 00, 00, 4C, 8B, 1D, 1C, 41, 01, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 61, 48, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, DC, 3F, 01, 00, 48, 89, 44, 24...
 

Entropy:
5.9691

Code size:
71.5 KB (73,216 bytes)
