mimikatz.sys

Benjamin Delpy

The file mimikatz.sys by Benjamin Delpy has been detected as adware by 5 anti-malware scanners.
Publisher:
Benjamin Delpy  (signed and verified)

MD5:
d35240aef54b69c2bb5c9484cd61f37e

SHA-1:
6d4203dbddfb89654ea41e44b03b66d05f178a14

SHA-256:
4b617b1857645ec79b36086e2aff00dd010c14b6ebdd05718bc1a645dd2d0768

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/27/2024 1:54:57 AM UTC

Scan engine | Detection | Engine version
McAfee | HTooL-Mimikatz.d | 5600.6718
Reason Heuristics | PUP.BenjaminDelpy (M) | 15.6.30.18
Sophos | Mimikatz Exploit Utility | 4.98
Vba32 AntiVirus | Exploit.Palsas | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 32176

File size:
24.5 KB (25,080 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\users\{user}\downloads\mimikatz_trunk\win32\mimikatz.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/28/2011 5:46:16 AM

Valid to:
6/28/2014 5:46:16 AM

Subject:
CN=Benjamin Delpy, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169417A1C3EF46A301F99385F50680FA0

File PE Metadata
Compilation timestamp:
1/22/2013 6:12:58 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:v0cjt6CvnrHAXszaGH/DMYFUi9DnbR7yzPFe++m8pK5+znVYEH9dUb+o7BoLms:NtdrH4QfByJedmg4+zVHkio7BoLms

Entry address:
0x703E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 74, A6, FF, FF, CC, CC, A4, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, 74, 00, 00, 18, 40, 00, 00, 8C, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, 74, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, 74, 00, 00, 94, 74, 00, 00, 78, 74, 00, 00, 60, 74, 00, 00, C6, 74, 00, 00, 00, 00, 00, 00, B4, 71, 00, 00, C4, 71, 00, 00, D8, 71, 00, 00, E4, 71, 00, 00, FC, 71, 00, 00, 0E, 72, 00, 00, 2A, 72...
 

Entropy:
6.3588

Code size:
13 KB (13,312 bytes)
