mimikatz | pkinit[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

pkinit.dll
Size

12KB
MD5

8dd7d9aae85e6380dfd2dda85b777319
SHA1

769bfffc0c8193292c23dfc9ce80c0398bbd26d4
SHA256

5ff76e5662f6de66134b7ee65a177179f9ad145f616b266a8886642631dfd547
SHA512

3828abf04b7e14601cbd7b7374c4603e9d7747bb112c566b6031861ec3fbac4456f039e05f8250addfeee2b93c9d2b09dc9fed8b76922495c6a2a12fd1c311e9
SSDEEP

192:8tMmsAorTNfsKlzXRECjbb3pGqMyifsCDL6Fb:Hrp0KlzBh3b39ifsc6F

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pkinit.dll

Files

pkinit.dll
.dll windows:6 windows x64 arch:x64

10c2cf1732ceb8beffd02bc0bf4cd848

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

IsTextUnicode

vcruntime140

__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

_wfopen
fflush
__stdio_common_vswprintf
__stdio_common_vfwprintf
fclose

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_execute_onexit_table
_seh_filter_dll
_initterm_e
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

Exports

Exports

SpLsaModeInitialize

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10c2cf1732ceb8beffd02bc0bf4cd848

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 516B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 56B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 516B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 56B