SHA256: 23a243a1ce474c4da90b1003ffcbaf9a3ff25e0787844bfe74c21671fdd8b269
File name: wjscript.exe
Detection ratio: 48 / 69
Analysis date: 2019-02-10 06:02:38 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Application.Mimikatz.2 20190210
AhnLab-V3 Trojan/RL.Mimikatz.R248084 20190209
Antiy-AVL Trojan[PSW]/Win64.Mimikatz 20190210
Arcabit Application.Mimikatz.2 20190210
Avast FileRepMetagen [Malware] 20190210
AVG FileRepMetagen [Malware] 20190210
Avira (no cloud) PUA/Mimikatz.D 20190210
BitDefender Gen:Application.Mimikatz.2 20190210
CAT-QuickHeal HackTool.Mimikatz 20190209
ClamAV Win.Trojan.Mimikatz-6466236-0 20190209
Comodo Malware@#16gd1i4qxhhq8 20190210
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.5e4786 20190109
Cylance Unsafe 20190210
Cyren W64/S-b61adc75!Eldorado 20190210
eGambit hacktool.mimikatz 20190210
Emsisoft Gen:Application.Mimikatz.2 (B) 20190210
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win64/Riskware.Mimikatz.D 20190209
F-Secure PotentialRisk.PUA/Mimikatz.D 20190210
Fortinet W64/Mimikatz!tr.pws 20190210
GData Win64.Riskware.Mimikatz.B 20190210
Ikarus HackTool.Mimikatz 20190209
Sophos ML heuristic 20181128
Jiangmin Trojan.PSW.Mimikatz.pv 20190210
K7AntiVirus Hacktool ( 0043c1591 ) 20190210
K7GW Hacktool ( 0043c1591 ) 20190210
Kaspersky HEUR:Trojan-PSW.Win64.Mimikatz.gen 20190210
Malwarebytes HackTool.Mimikatz 20190210
MAX malware (ai score=100) 20190210
McAfee HTool-MimiKatz!50300DE5E478 20190210
McAfee-GW-Edition HTool-MimiKatz!50300DE5E478 20190210
Microsoft HackTool:Win32/Mimikatz.E 20190210
eScan Gen:Application.Mimikatz.2 20190210
NANO-Antivirus Trojan.Win64.MimiKatz.flabgb 20190210
Palo Alto Networks (Known Signatures) generic.ml 20190210
Panda HackingTool/Mimikatz 20190209
Rising HackTool.Mimikatz!1.B3A8 (CLOUD) 20190210
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mimikatz Exploit Utility (PUA) 20190210
Symantec Hacktool.Mimikatz 20190209
Tencent Win64.Risk.Riskware.Srwq 20190210
TrendMicro-HouseCall HKTL_MIMIKATZ64 20190210
VBA32 TrojanPSW.Win64.Mimikatz 20190208
Webroot W32.Hacktool.Gen 20190210
Yandex Riskware.Mimikatz! 20190208
Zillya Tool.Mimikatz.Win64.503 20190208
ZoneAlarm by Check Point HEUR:Trojan-PSW.Win64.Mimikatz.gen 20190210
Acronis 20190208
AegisLab 20190210
Alibaba 20180921
ALYac 20190210
Avast-Mobile 20190209
Babable 20180918
Baidu 20190202
Bkav 20190201
CMC 20190209
DrWeb 20190210
F-Prot 20190210
Kingsoft 20190210
Qihoo-360 20190210
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190210
TheHacker 20190203
Trapmine 20190123
TrendMicro 20190210
Trustlook 20190210
ViRobot 20190209
Zoner 20190210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2007 - 2018 gentilkiwi (Benjamin DELPY)

Product mimikatz
Original name mimikatz.exe
Internal name mimikatz
File version 2.1.1.0
Description mimikatz for Windows
Signature verification Signed file, verified signature
Signing date 12:58 AM 12/10/2018
Signers
[+] Open Source Developer, Benjamin Delpy
Status Valid
Issuer Certum Code Signing CA SHA2
Valid from 08:15 AM 12/05/2018
Valid to 08:15 AM 12/05/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 53533702F0455495A4FBA4755F4E608744CAD650
Serial number 5C D5 1F A1 78 42 D6 ED BD 70 F5 9A 28 8B 30 BC
[+] Certum Code Signing CA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 12:30 PM 10/29/2015
Valid to 11:30 AM 06/09/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 905DE119F6A0118CFFBF8B69463EFE5BD0C1D322
Serial number 6B 32 6A 0F 03 28 D3 7A 1D 53 0B FD 23 BD 48 E2
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 12:07 PM 10/22/2008
Valid to 01:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
Counter signers
[+] Certum EV TSA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 02:10 PM 03/08/2016
Valid to 01:10 PM 05/30/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 4F8D4C480649426AEF8B86D4D5FC7932E7142D85
Serial number 00 FE 67 E4 F1 5A 24 E3 C6 0D 54 7C A0 20 C2 76 70
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 12:07 PM 10/22/2008
Valid to 01:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
PE header basic information
Target machine x64
Compilation timestamp 2018-12-09 22:57:07
Entry Point 0x000807B8
Number of sections 6
PE sections
Overlays
MD5 5c51a390b94e76eeab9b89e0d2f4879d
File type data
Offset 915968
Size 11416
Entropy 7.31
PE imports
CopySid
CryptEncrypt
GetSidSubAuthorityCount
CreateWellKnownSid
RegOpenKeyExW
CryptDuplicateKey
LookupAccountNameW
OpenEventLogW
ConvertSidToStringSidW
GetTokenInformation
LsaQueryInformationPolicy
LsaFreeMemory
OpenThreadToken
BuildSecurityDescriptorW
LsaRetrievePrivateData
CryptGetUserKey
CryptDestroyKey
DuplicateTokenEx
OpenServiceW
LookupPrivilegeValueW
RegQueryValueExW
CryptImportKey
CloseServiceHandle
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptEnumProviderTypesW
ClearEventLogW
SetServiceObjectSecurity
CryptGenKey
CryptSetProvParam
LsaOpenSecret
IsTextUnicode
CreateProcessAsUserW
RegSetValueExW
CryptExportKey
CheckTokenMembership
QueryServiceStatusEx
SetThreadToken
RegCloseKey
LookupAccountSidW
StartServiceW
LsaQuerySecret
CreateProcessWithLogonW
GetNumberOfEventLogRecords
DeleteService
CryptCreateHash
CryptDeriveKey
CryptDecrypt
OpenProcessToken
LsaClose
LsaEnumerateTrustedDomainsEx
SystemFunction032
CreateServiceW
CryptReleaseContext
CryptAcquireContextA
IsValidSid
RegisterServiceCtrlHandlerW
RegEnumKeyExW
CryptAcquireContextW
CryptGetProvParam
CryptDestroyHash
RegEnumValueW
CryptEnumProvidersW
CryptSignHashW
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
SystemFunction024
SystemFunction025
OpenSCManagerW
CryptSetHashParam
ControlService
CryptHashData
LsaOpenPolicy
CryptGetKeyParam
SystemFunction013
LsaQueryTrustedDomainInfoByName
LookupPrivilegeNameW
SetServiceStatus
RegQueryInfoKeyW
GetLengthSid
ConvertStringSidToSidW
CryptSetKeyParam
CredFree
CredEnumerateW
QueryServiceObjectSecurity
StartServiceCtrlDispatcherW
SystemFunction005
SystemFunction006
SystemFunction007
SystemFunction001
CertEnumCertificatesInStore
CryptUnprotectData
CryptAcquireCertificatePrivateKey
CertOpenStore
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CryptExportPublicKeyInfo
CertFindCertificateInStore
CertCloseStore
CertGetCertificateContextProperty
CertNameToStrW
CryptProtectData
CryptStringToBinaryW
CryptSignAndEncodeCertificate
CertGetNameStringW
CryptEncodeObject
CertEnumSystemStore
CryptBinaryToStringW
PFXExportCertStoreEx
Ord(14)
Ord(11)
Ord(10)
Ord(13)
FilterFindFirst
FilterFindNext
HidD_GetAttributes
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidD_GetPreparsedData
HidD_GetHidGuid
GetTempFileNameA
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
PurgeComm
HeapDestroy
SetConsoleCursorPosition
GetFileAttributesW
GetStdHandle
GetProcessId
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetFileInformationByHandle
GetTempPathA
WideCharToMultiByte
GetDiskFreeSpaceW
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLastError
GetSystemTime
DeviceIoControl
WriteProcessMemory
TryEnterCriticalSection
HeapAlloc
GetVersionExA
SetConsoleOutputCP
FillConsoleOutputCharacterW
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
GlobalSize
FlushViewOfFile
LockFileEx
CreateThread
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
CreateMutexW
ClearCommError
SetHandleInformation
TerminateProcess
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
HeapCreate
AreFileApisANSI
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
UnlockFile
GetFileSize
OpenProcess
DeleteFileA
GetDateFormatW
ReadProcessMemory
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetFileSizeEx
ExpandEnvironmentStringsW
FindNextFileW
GetDiskFreeSpaceA
HeapValidate
GetComputerNameExW
CreateFileMappingA
FindFirstFileW
DuplicateHandle
CreateEventW
CreateFileW
RtlLookupFunctionEntry
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetComputerNameW
VirtualAllocEx
GetSystemInfo
lstrlenA
WaitForSingleObjectEx
lstrlenW
CreateProcessW
HeapCompact
LockFile
FileTimeToLocalFileTime
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentDirectoryA
HeapSize
GetCurrentThread
SetConsoleTitleW
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
UnlockFileEx
GetModuleHandleW
GetFileAttributesExW
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
NetStatisticsGet
NetShareEnum
DsGetDcNameW
NetApiBufferFree
NetRemoteTOD
NetSessionEnum
NetServerGetInfo
NetWkstaUserEnum
SysFreeString
VariantInit
SysAllocString
RpcRevertToSelf
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqDone
MesHandleFree
RpcMgmtStopServerListening
NdrMesTypeAlignSize2
RpcBindingToStringBindingW
RpcImpersonateClient
RpcStringBindingComposeW
RpcServerRegisterAuthInfoW
RpcBindingSetAuthInfoExW
RpcEpRegisterW
RpcBindingFree
RpcMgmtEpEltInqBegin
RpcServerInqBindings
UuidToStringW
NdrMesTypeEncode2
RpcStringFreeW
NdrServerCall2
NdrClientCall2
MesIncrementalHandleReset
I_RpcGetCurrentCallHandle
RpcMgmtWaitServerListen
MesEncodeIncrementalHandleCreate
MesDecodeIncrementalHandleCreate
RpcBindingInqAuthClientW
RpcServerUseProtseqEpW
UuidCreate
RpcBindingSetOption
RpcEpResolveBinding
RpcEpUnregister
RpcServerUnregisterIfEx
NdrMesTypeFree2
RpcServerRegisterIf2
RpcServerListen
RpcBindingFromStringBindingW
NdrMesTypeDecode2
I_RpcBindingInqSecurityContext
RpcBindingVectorFree
SamiChangePasswordUser
SamLookupDomainInSamServer
SamFreeMemory
SamQueryInformationUser
SamLookupNamesInDomain
SamOpenAlias
SamEnumerateDomainsInSamServer
SamEnumerateUsersInDomain
SamCloseHandle
SamOpenGroup
SamGetGroupsForUser
SamGetMembersInGroup
SamEnumerateGroupsInDomain
SamOpenUser
SamGetMembersInAlias
SamEnumerateAliasesInDomain
SamGetAliasMembership
SamLookupIdsInDomain
SamOpenDomain
SamSetInformationUser
SamConnect
SamRidToSid
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
CommandLineToArgvW
PathIsRelativeW
PathCanonicalizeW
PathCombineW
PathIsDirectoryW
PathFindFileNameW
LsaConnectUntrusted
DeleteSecurityContext
QueryContextAttributesW
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
EnumerateSecurityPackagesW
LsaFreeReturnBuffer
AcquireCredentialsHandleW
FreeContextBuffer
InitializeSecurityContextW
LsaCallAuthenticationPackage
FreeCredentialsHandle
RegisterClassExW
CreateWindowExW
SendMessageW
UnregisterClassW
GetKeyboardLayout
ChangeClipboardChain
TranslateMessage
GetMessageW
DefWindowProcW
EnumClipboardFormats
GetClipboardData
DispatchMessageW
IsCharAlphaNumericW
CloseClipboard
PostMessageW
DestroyWindow
GetClipboardSequenceNumber
SetClipboardViewer
OpenClipboard
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationConnectW
WinStationCloseServer
WinStationOpenServerW
Ord(113)
Ord(127)
Ord(140)
Ord(223)
Ord(142)
Ord(97)
Ord(301)
Ord(167)
Ord(203)
Ord(54)
Ord(88)
Ord(309)
Ord(26)
Ord(13)
Ord(157)
Ord(145)
Ord(133)
Ord(147)
Ord(77)
Ord(208)
Ord(122)
Ord(224)
Ord(139)
Ord(96)
Ord(12)
Ord(69)
Ord(310)
Ord(36)
Ord(79)
Ord(27)
Ord(304)
Ord(73)
Ord(14)
Ord(41)
SCardFreeMemory
SCardDisconnect
SCardGetAttrib
SCardEstablishContext
SCardListReadersW
SCardGetCardTypeProviderNameW
SCardConnectW
SCardControl
SCardListCardsW
SCardTransmit
SCardReleaseContext
A_SHAFinal
A_SHAInit
A_SHAUpdate
CDLocateCSystem
MD5Final
MD5Update
CDLocateCheckSum
CDGenerateRandomBits
MD5Init
ASN1_CreateEncoder
ASN1_FreeEncoded
ASN1_CreateModule
ASN1_CloseDecoder
ASN1_CloseModule
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1BERDotVal2Eoid
_wpgmptr
__wgetmainargs
mbtowc
wprintf
wctomb
memset
fclose
malloc
_setmode
isdigit
fflush
_fmode
__pioinfo
_amsg_exit
_itoa
isleadbyte
_errno
isxdigit
_wcsdup
vfwprintf
_snprintf
_XcptFilter
_commode
exit
__setusermatherr
getchar
isspace
_cexit
iswctype
?terminate@@YAXXZ
vwprintf
ferror
_fileno
gmtime
memcpy
_msize
_isatty
free
wcstombs
calloc
_write
realloc
_exit
__C_specific_handler
_lseeki64
__badioinfo
_wfopen
_read
strftime
__mb_cur_max
ungetc
_initterm
_iob
localeconv
fgetws
__set_app_type
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge
I_NetServerAuthenticate2
RtlDowncaseUnicodeString
RtlCompressBuffer
RtlInitUnicodeString
NtSetSystemEnvironmentValueEx
RtlUpcaseUnicodeStringToOemString
wcstoul
wcschr
RtlGetCompressionWorkSpaceSize
_stricmp
RtlAppendUnicodeStringToString
RtlStringFromGUID
wcstol
strtoul
_wcstoui64
towupper
RtlFreeOemString
RtlFreeAnsiString
NtCompareTokens
RtlUnicodeStringToAnsiString
RtlGetNtVersionNumbers
NtTerminateProcess
memcmp
strrchr
NtQueryObject
RtlGUIDFromString
wcsrchr
RtlUpcaseUnicodeString
NtQuerySystemInformation
_wcsicmp
RtlEqualUnicodeString
RtlEqualString
_wcsnicmp
RtlAnsiStringToUnicodeString
NtQuerySystemEnvironmentValueEx
wcsncmp
RtlFreeUnicodeString
RtlCreateUserThread
_vsnprintf
RtlIpv6AddressToStringW
memmove
RtlIpv4AddressToStringW
__chkstk
NtResumeProcess
_vscwprintf
NtQueryInformationProcess
RtlAdjustPrivilege
wcsstr
NtSuspendProcess
RtlGetCurrentPeb
NtEnumerateSystemEnvironmentValuesEx
CoInitializeEx
CoCreateInstance
CoUninitialize
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SpecialBuild
lil :)

SubsystemVersion
5.2

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.1.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
mimikatz for Windows

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
368128

PrivateBuild
Build with love for POC only

EntryPoint
0x807b8

OriginalFileName
mimikatz.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2007 - 2018 gentilkiwi (Benjamin DELPY)

FileVersion
2.1.1.0

TimeStamp
2018:12:09 23:57:07+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
mimikatz

ProductVersion
2.1.1.0

UninitializedDataSize
0

OSVersion
5.2

FileOS
Windows NT

Subsystem
Windows command line

MachineType
AMD AMD64

CompanyName
gentilkiwi (Benjamin DELPY)

CodeSize
550400

ProductName
mimikatz

ProductVersionNumber
2.1.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 50300de5e4786530ea603224ccbcbb02
SHA1 d343b0019084de2dd882e92a79a872370bc6028f
SHA256 23a243a1ce474c4da90b1003ffcbaf9a3ff25e0787844bfe74c21671fdd8b269
ssdeep
12288:XulOcf0V9D412xvPU/zXaBlWzrXp1URanmlWnD2Rviv8gxFx:XulOcsV9DK2J2aBcpsam5RvikgR

authentihash c65c94f78fdea99f248215b2c61fc3b7813199f1ac77dc765e92149c7df4f57e
imphash 66ee036df5fc1004d9ed5e9a94a1086a
File size 905.6 KB ( 927384 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (55.0%)
Microsoft Visual C++ compiled executable (generic) (32.9%)
OS/2 Executable (generic) (4.0%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Tags
64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2018-12-11 08:07:06 UTC ( 4 months, 2 weeks ago )
Last submission 2019-04-24 13:24:12 UTC ( 1 day, 18 hours ago )
File names mimikatz.exe
mimikatz.exe
mimikatz_bis.exe
mimikatz.exe
mimikatz.exe
mimikatz.exe
mimikatz.exe
mimikatz.exe
mimikatz.exe
wjscript.exe
mimikatz
mimikatz.exe
mimi64 (4).exe
output.122859457.txt
mimikatz.exe
mimikatz.exe
mimikatz.exe