Static | ZeroBOX

PE Compile Time

2022-09-20 00:43:15

PE Imphash

3d9268f54e37cd480a12f0595aa6b437

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000d3a 0x00000e00 6.09711158738
.rdata 0x00002000 0x00000645 0x00000800 4.1504421895
.data 0x00003000 0x00000660 0x00000400 5.79083861188
.rsrc 0x00004000 0x00000440 0x00000600 2.55833415192
.reloc 0x00005000 0x000003c8 0x00000400 2.35975435833

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00004060 0x000003dc LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library ADVAPI32.dll:
0x10002000 CreateProcessAsUserW
0x10002004 SetTokenInformation
0x10002008 DuplicateTokenEx
0x1000200c OpenProcessToken
Library USERENV.dll:
0x10002054 CreateEnvironmentBlock
Library WINSTA.dll:
0x10002060 WinStationEnumerateW
0x10002064 WinStationFreeMemory
Library KERNEL32.dll:
0x10002014 GetCurrentProcessId
0x10002018 GetCurrentThreadId
0x1000201c GetTickCount
0x10002028 GetCurrentProcess
0x1000202c SetLastError
0x10002030 CloseHandle
0x10002038 TerminateProcess
0x10002040 Sleep
0x10002044 InterlockedExchange
0x10002048 RtlUnwind
Library msvcrt.dll:
0x1000206c memset
0x10002070 _XcptFilter
0x10002074 malloc
0x10002078 free
0x1000207c _initterm
0x10002080 _amsg_exit

Exports

Ordinal Address Name
1 0x10001012 DrvDisableDriver
2 0x1000104c DrvEnableDriver
3 0x10001013 DrvQueryDriverInfo
4 0x10001012 DrvResetConfigCache
5 0x1000107e GenerateCopyFilePaths
6 0x10001083 SpoolerCopyFileEvent

!This program cannot be run in DOS mode.
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
ADVAPI32.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock
USERENV.dll
WinStationEnumerateW
WinStationFreeMemory
WINSTA.dll
GetCurrentProcess
SetLastError
CloseHandle
KERNEL32.dll
msvcrt.dll
memset
_XcptFilter
malloc
_initterm
_amsg_exit
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
mimispool.dll
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo
DrvResetConfigCache
GenerateCopyFilePaths
SpoolerCopyFileEvent
cmd.exe
winsta0\default
VS_VERSION_INFO
StringFileInfo
040904b0
ProductName
mimispool (mimikatz)
ProductVersion
2.2.0.0
CompanyName
gentilkiwi (Benjamin DELPY)
FileDescription
mimispool for Windows (mimikatz)
FileVersion
0.3.0.0
InternalName
mimispool
LegalCopyright
Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)
OriginalFilename
mimispool.dll
PrivateBuild
Build with love for POC only
SpecialBuild
VarFileInfo
Translation

Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Mimikatz.i!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh RDN/Generic PWS.y
ALYac Trojan.GenericKD.72711628
Cylance Unsafe
Zillya Trojan.Mimikatz.Win32.1335
Sangfor Clean
K7AntiVirus Riskware ( 0058873e1 )
Alibaba TrojanPSW:Win32/Mimikatz.c61eb2b3
K7GW Riskware ( 0058873e1 )
Cybereason Clean
Baidu Clean
VirIT Trojan.Win32.Genus.RUJ
Paloalto generic.ml
Symantec Hacktool.Mimikatz
Elastic malicious (high confidence)
ESET-NOD32 Win32/RiskWare.Mimikatz.BE
APEX Clean
Avast Win32:CVE-2021-1675-G [Expl]
Cynet Malicious (score: 100)
Kaspersky Trojan-PSW.Win32.Mimikatz.kdz
BitDefender Trojan.GenericKD.72711628
NANO-Antivirus Trojan.Win32.Mimikatz.jsofqy
ViRobot HackTool.S.Mimikatz.10240
MicroWorld-eScan Trojan.GenericKD.72711628
Tencent Malware.Win32.Gencirc.10bd8cb4
TACHYON Clean
Sophos ATK/Mimikatz-CR
F-Secure Trojan.TR/Mimikatz.ajz
DrWeb Tool.Mimikatz.1197
VIPRE Trojan.GenericKD.72711628
TrendMicro HKTL_MIMIKATZ
McAfeeD ti!05842DE51EDE
Trapmine Clean
FireEye Trojan.GenericKD.72711628
Emsisoft Trojan.GenericKD.72711628 (B)
SentinelOne Clean
GData Trojan.GenericKD.72711628
Jiangmin Trojan.PSW.Mimikatz.cwf
Webroot W32.Hacktool.Gen
Varist W32/ABTrojan.JRAC-7797
Avira TR/Mimikatz.ajz
Antiy-AVL Trojan[PSW]/Win32.Mimikatz
Kingsoft Win32.Trojan-PSW.Mimikatz.gen
Gridinsoft Ransom.Win32.Wacatac.cl
Xcitium ApplicUnwnt@#4mbx9xtgpfrg
Arcabit Trojan.Generic.D4557DCC
SUPERAntiSpyware Clean
ZoneAlarm Trojan-PSW.Win32.Mimikatz.kdz
Microsoft HackTool:Win32/Mimikatz!MSR
Google Detected
AhnLab-V3 Trojan/Win.Mimikatz.R445129
Acronis Clean
McAfee RDN/Generic PWS.y
MAX malware (ai score=100)
VBA32 TrojanPSW.Mimikatz
Malwarebytes Mimikatz.Spyware.Stealer.DDS
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall HKTL_MIMIKATZ
Rising Trojan.Agent!8.B1E (TFE:6:Z7hKCBfrpcB)
Yandex Clean
Ikarus Trojan.PSW.Mimikatz
MaxSecure Clean
Fortinet Riskware/Mimikatz
BitDefenderTheta Gen:NN.ZedlaF.36810.au8@amD1SJii
AVG Win32:CVE-2021-1675-G [Expl]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud HackTool:Win/Mimikatz.k

No IRMA results available.