mimikatz.exe

mimikatz

Benjamin Delpy

The application mimikatz.exe, “mimikatz for Windows” by Benjamin Delpy, has been detected as adware by 34 anti-malware scanners.
Publisher:
gentilkiwi (Benjamin DELPY)  (signed by Benjamin Delpy)

Product:
mimikatz

Description:
mimikatz for Windows

Version:
2.0.0.0

MD5:
f0ebf3ca8ce8fad52c58005291ace503

SHA-1:
f0dd7dfb3f8271abd783b211d5d58355bf63689e

SHA-256:
19db45064336d30422389ba6c574d5e9f5e6bdf3364be0394cce2191c47f954e

Scanner detections:
34 / 68

Status:
Adware

Analysis date:
4/27/2024 2:23:37 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11157218 | 549 |
| Agnitum Outpost | Exploit.Palsas | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Palsas | 15.08.04 |
| Avira AntiVirus | SPR/Tool.Mikatz.46 | 7.11.149.250 |
| Baidu Antivirus | Trojan.Win64.Palsas | 4.0.3.1584 |
| Bitdefender | Trojan.Generic.11157218 | 1.0.20.1080 |
| Comodo Security | UnclassifiedMalware | 18281 |
| Emsisoft Anti-Malware | Trojan.Generic.11157218 | 8.15.08.04.09 |
| ESET NOD32 | Win32/HackTool.Mimikatz (variant) | 9.9806 |
| Fortinet FortiGate | W32/Mimikatz.G!exploit | 8/4/2015 |
| F-Prot | W32/Mimikatz.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11157218 | 11.2015-04-08_3 |
| G Data | Trojan.Generic.11157218 | 15.8.24 |
| IKARUS anti.virus | HackTool.Win32.Mikatz | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12101 |
| Kaspersky | Exploit.Win32.Palsas | 14.0.0.1631 |
| McAfee | HTool-Mimikatz!F0EBF3CA8CE8 | 5600.6683 |
| Microsoft Security Essentials | HackTool:Win32/Mikatz | 1.10502 |
| MicroWorld eScan | Trojan.Generic.11157218 | 16.0.0.648 |
| NANO AntiVirus | Exploit.Win32.Palsas.cwmnkb | 0.28.0.59911 |
| Norman | Mikatz.CERT | 11.20150804 |
| nProtect | Trojan.Generic.11157218 | 14.05.15.01 |
| Panda Antivirus | Trj/CI.A | 15.08.04.09 |
| Qihoo 360 Security | Win32/Trojan.Exploit.30a | 1.0.0.1015 |
| Quick Heal | Exploit.Palsas.r5 (Not a Virus) | 8.15.14.00 |
| Reason Heuristics | PUP.BenjaminDelpy (M) | 15.8.4.21 |
| Sophos | Mimikatz Exploit Utility | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Suspicious | 9711 |
| Trend Micro House Call | HKTL_MIMIKATZ | 7.2.216 |
| Trend Micro | HKTL_MIMIKATZ | 10.465.04 |
| Vba32 AntiVirus | Exploit.Palsas.o | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29260 |
| ViRobot | Trojan.Win32.S.Agent.189936.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Exploit.Palsas.Win32.10 | 2.0.0.1790 |

File size:
168.7 KB (172,736 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY)

Original file name:
mimikatz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mimikatz_trunk\win32\mimikatz.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/28/2011 5:46:16 AM

Valid to:
6/28/2014 5:46:16 AM

Subject:
CN=Benjamin Delpy, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169417A1C3EF46A301F99385F50680FA0

File PE Metadata
Compilation timestamp:
3/2/2014 4:44:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:I5szSY4nYZ0CmGC86dnfsMYU8H54nbFp8XW+YImguGxIfbkWFUkIjeG7KZB9a41r:IkSY4nYCzGVtxonU6

Entry address:
0xF3D2

Entry point:
E8, 39, 33, 00, 00, E9, CD, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E0, 51, 42, 00, 89, 0D, DC, 51, 42, 00, 89, 15, D8, 51, 42, 00, 89, 1D, D4, 51, 42, 00, 89, 35, D0, 51, 42, 00, 89, 3D, CC, 51, 42, 00, 66, 8C, 15, F8, 51, 42, 00, 66, 8C, 0D, EC, 51, 42, 00, 66, 8C, 1D, C8, 51, 42, 00, 66, 8C, 05, C4, 51, 42, 00, 66, 8C, 25, C0, 51, 42, 00, 66, 8C, 2D, BC, 51, 42, 00, 9C, 8F, 05, F0, 51, 42, 00, 8B, 45, 00, A3, E4, 51, 42, 00, 8B, 45, 04, A3, E8, 51, 42, 00, 8D, 45, 08, A3, F4, 51, 42...
 

Entropy:
6.1941

Code size:
77 KB (78,848 bytes)
