Static | ZeroBOX

PE Compile Time

2022-09-20 00:43:57

PE Imphash

c38ebbf4627ca2303746c77210e5a12e

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00000d22    0x00000e00        5.64031713096
.rdata  0x00002000       0x00000825    0x00000a00        3.88660575289
.data   0x00003000       0x000008c0    0x00000400        5.8113338022
.pdata  0x00004000       0x000000fc    0x00000200        2.0308151415
.rsrc   0x00005000       0x00000440    0x00000600        2.5556377265
.reloc  0x00006000       0x00000064    0x00000200        0.153703185652

Resources

Name        Offset      Size        Language      Sub-language        File type
RT_VERSION  0x00005060  0x000003dc  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library ADVAPI32.dll:
0x180002000 CreateProcessAsUserW
0x180002008 SetTokenInformation
0x180002010 DuplicateTokenEx
0x180002018 OpenProcessToken
Library USERENV.dll:
0x1800020a8 DestroyEnvironmentBlock
0x1800020b0 CreateEnvironmentBlock
Library WINSTA.dll:
0x1800020c0 WinStationEnumerateW
0x1800020c8 WinStationFreeMemory
Library KERNEL32.dll:
0x180002028 GetCurrentProcessId
0x180002030 GetCurrentThreadId
0x180002038 GetTickCount
0x180002040 QueryPerformanceCounter
0x180002050 UnhandledExceptionFilter
0x180002058 Sleep
0x180002060 GetCurrentProcess
0x180002068 SetLastError
0x180002070 CloseHandle
0x180002078 TerminateProcess
0x180002080 RtlCaptureContext
0x180002088 RtlLookupFunctionEntry
0x180002090 RtlVirtualUnwind
0x180002098 GetSystemTimeAsFileTime
Library msvcrt.dll:
0x1800020d8 memset
0x1800020e0 __C_specific_handler
0x1800020e8 _XcptFilter
0x1800020f0 malloc
0x1800020f8 free
0x180002100 _amsg_exit
0x180002108 _initterm

Exports

Ordinal  Address      Name
1        0x180001020  DrvDisableDriver
2        0x180001064  DrvEnableDriver
3        0x180001024  DrvQueryDriverInfo
4        0x180001020  DrvResetConfigCache
5        0x1800010a0  GenerateCopyFilePaths
6        0x1800010a4  SpoolerCopyFileEvent

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
VWATAUAVH
A^A]A\_^
LcA<E3
EP=csm
Ep=csm
E`=csm
E(=csm
E@=csm
EX=csm
Ex=csm
```hhh
xppwpp
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
ADVAPI32.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock
USERENV.dll
WinStationEnumerateW
WinStationFreeMemory
WINSTA.dll
GetCurrentProcess
SetLastError
CloseHandle
KERNEL32.dll
msvcrt.dll
memset
__C_specific_handler
_XcptFilter
malloc
_initterm
_amsg_exit
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
mimispool.dll
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo
DrvResetConfigCache
GenerateCopyFilePaths
SpoolerCopyFileEvent
cmd.exe
winsta0\default
VS_VERSION_INFO
StringFileInfo
040904b0
ProductName
mimispool (mimikatz)
ProductVersion
2.2.0.0
CompanyName
gentilkiwi (Benjamin DELPY)
FileDescription
mimispool for Windows (mimikatz)
FileVersion
0.3.0.0
InternalName
mimispool
LegalCopyright
Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)
OriginalFilename
mimispool.dll
PrivateBuild
Build with love for POC only
SpecialBuild
VarFileInfo
Translation

Antivirus Signature
Bkav Clean
Lionic Trojan.Win64.Mimikatz.i!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mimikatz.10
ClamAV Clean
FireEye Gen:Variant.Mimikatz.10
CAT-QuickHeal Clean
ALYac Gen:Variant.Mimikatz.10
Malwarebytes Mimikatz.Spyware.Stealer.DDS
VIPRE Gen:Variant.Mimikatz.10
Sangfor Infostealer.Win32.Mimikatz.Vfnv
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Mimikatz.10
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Clean
Cyren W64/Mimikatz.L
Symantec Hacktool.Mimikatz
tehtris Clean
ESET-NOD32 a variant of Generik.BAPJZZG
APEX Clean
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.Win64.Mimikatz.gen
Alibaba TrojanPSW:Win32/Mimikatz.f5bcc2d8
NANO-Antivirus Trojan.Win64.Mimikatz.jsrsix
ViRobot Clean
Rising Trojan.Agent!8.B1E (TFE:6:Z7hKCBfrpcB)
Sophos ATK/Mimikatz-CR
F-Secure Clean
DrWeb Tool.Mimikatz.1199
Zillya Trojan.Mimikatz.Win64.482
TrendMicro HKTL_MIMIKATZ64
McAfee-GW-Edition RDN/Generic PWS.y
Trapmine Clean
CMC Clean
Emsisoft Gen:Variant.Mimikatz.10 (B)
Ikarus Trojan.PSW.Mimikatz
GData Gen:Variant.Mimikatz.10
Jiangmin Trojan.PSW.Mimikatz.cyl
Webroot W32.Hacktool.Gen
Avira Clean
MAX malware (ai score=100)
Antiy-AVL Trojan[PSW]/Win64.Mimikatz
Gridinsoft Trojan.Win64.Downloader.cl
Xcitium Clean
Arcabit Trojan.Mimikatz.10
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.Win64.Mimikatz.gen
Microsoft HackTool:Win32/Mimikatz!MSR
Google Detected
AhnLab-V3 Trojan/Win.Mimikatz.R445129
Acronis Clean
McAfee RDN/Generic PWS.y
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall HKTL_MIMIKATZ64
Tencent Trojan.Win64.Mimikatz.a
Yandex Trojan.Agent!UfvKYTGIZOw
SentinelOne Clean
MaxSecure Trojan.Malware.9545116.susgen
Fortinet W32/PossibleThreat
BitDefenderTheta Clean
AVG Win32:CVE-2021-1675-G [Expl]
Avast Win32:CVE-2021-1675-G [Expl]

No IRMA results available.