File 9a3bf7ba676bf2f66b794f6cf27f8617f298caa4ccf2ac1ecdcbbef260306194 Summary

Analysis score

9 / 14

9 antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xf45b547b

MD5

8af476e24db8d3cd76b2d8d3d889bb5c

Magic

PE32+ executable (console) x86-64, for MS Windows

SHA1

3d62d29b8752da696caa9331f307e067bc371231

SHA256

9a3bf7ba676bf2f66b794f6cf27f8617f298caa4ccf2ac1ecdcbbef260306194

SHA512

465b25adc0144a6ac2e5f45e7c8eae2b2dc81ba45f0209b19935e7c0f63d3af6fc2f36a7e29c03cf087e0a3712858d2f945a8c25fa7a0606e2abdb80d2e0320c

SSDeep

24576:72n01WfpqNUCrEM3IwzDRH9VVuGjuT85c:72lpqSC4UIwzldVVuGjuTR

Size

996.65KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(2008 SP1)[-]
  • PE+(64): linker: Microsoft Linker(9.0)[EXE64,console,signed]
TrID
  • 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

604.50KB

CompanyName

gentilkiwi (Benjamin DELPY)

EntryPoint

0x91458

ExifToolVersionNumber

12.57

FileDescription

mimikatz for Windows

FileFlags

Pre-release, Private build, Special build

FileFlagsMask

0x003f

FileOs

Windows NT

FileSize

1021 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

2.2.0.0

FileVersionNumber

2.2.0.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

384.00KB

InternalName

mimikatz

LanguageCode

English (U.S.)

LegalCopyright

Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY)

LinkerVersion

9.0

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

mimikatz.exe

OsVersion

5.2

PeType

PE32+

PrivateBuild

Build with love for POC only

ProductName

mimikatz

ProductVersion

2.2.0.0

ProductVersionNumber

2.2.0.0

Subsystem

Windows command line

SubsystemVersion

5.2

UninitializedDataSize

0

Submissions

Published Name Source Country
mimikatz.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara