mimilib.dll

mimilib (mimikatz)

Benjamin Delpy

The module mimilib.dll, “mimilib for Windows (mimikatz)” by Benjamin Delpy, has been detected as adware by 32 anti-malware scanners.

Publisher:
gentilkiwi (Benjamin DELPY)  (signed by Benjamin Delpy)

Product:
mimilib (mimikatz)

Description:
mimilib for Windows (mimikatz)

Version:
2.0.0.0

MD5:
98d694785e7f64e11103bc6488217e73

SHA-1:
b261de0a23fd97583bca00d376dba5cd93fc8190

SHA-256:
855c07c8f65352d278aa22a69ecab88023c499b70625a09407d6464349f873c2

Scanner detections:
32 / 68

Status:
Adware

Analysis date:
4/26/2024 6:08:12 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1699063 | 549 |
| Agnitum Outpost | Riskware.HackTool | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.HDC | 2015.03.11 |
| Avira AntiVirus | TR/Rogue.25280.2 | 7.11.173.104 |
| avast! | Win32:Mimikatz-B [Tool] | 2014.9-150804 |
| AVG | Exploit | 2016.0.3027 |
| Bitdefender | Trojan.GenericKD.1699063 | 1.0.20.1080 |
| Comodo Security | UnclassifiedMalware | 19556 |
| Emsisoft Anti-Malware | Exploit.Win32.Palsas | 8.15.08.04.09 |
| ESET NOD32 | Win64/HackTool.Mimikatz | 9.9540 |
| Fortinet FortiGate | W32/Palsas.O!exploit | 8/4/2015 |
| F-Prot | W32/Mimikatz.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1699063 | 11.2015-04-08_3 |
| G Data | Trojan.GenericKD.1699063 | 15.8.24 |
| IKARUS anti.virus | Exploit.Win32.Palsas | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.176.11436 |
| Kaspersky | Exploit.Win32.Palsas | 14.0.0.1630 |
| McAfee | HTool-Mimikatz!98D694785E7F | 5600.6683 |
| MicroWorld eScan | Trojan.GenericKD.1699063 | 16.0.0.648 |
| NANO AntiVirus | Trojan.Win32.Mimikatz.dnoxio | 0.30.0.296 |
| Norman | Mikatz.CERT | 11.20150804 |
| nProtect | Trojan/W32.HackTool.25280 | 14.09.19.01 |
| Panda Antivirus | Trj/CI.A | 15.08.04.09 |
| Qihoo 360 Security | Win32/Trojan.Hacktool.a02 | 1.0.0.1015 |
| Quick Heal | Exploit.Palsas.r5 (Not a Virus) | 8.15.14.00 |
| Reason Heuristics | PUP.BenjaminDelpy (M) | 15.8.4.17 |
| Sophos | Mimikatz Exploit Utility | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0304 | 7.2.216 |
| Trend Micro | HKTL_MIMIKATZ | 10.465.04 |
| Vba32 AntiVirus | Exploit.Palsas.o | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27358 |
| Zillya! Antivirus | Exploit.Palsas.Win32.7 | 2.0.0.1927 |

File size:
26.2 KB (26,816 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY)

Original file name:
mimilib.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mimikatz_trunk\x64\mimilib.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/28/2011 5:46:16 AM

Valid to:
6/28/2014 5:46:16 AM

Subject:
CN=Benjamin Delpy, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169417A1C3EF46A301F99385F50680FA0

File PE Metadata
Compilation timestamp:
3/2/2014 4:44:54 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
768:5l0XL9J/sG2XXl5bqsYsRRgZsRchYlGWVHCzF:5Cf/sTV5bHRf9chYl5JkF

Entry address:
0x2E78

Entropy:
6.1930

Code size:
9.5 KB (9,728 bytes)
