
HackTool:Win32/Dump


First posted on 15 February 2019.
Source: Microsoft

Aliases:

HackTool:Win32/Dump is also known as pwdump2, Virtool.PWDump.A, Win32/PSWTool.RAS.A, PWCrack-Pwdump, PWS:Win32/Dump.

Explanation:

HackTool:Win32/Dump is a command-line tool that dumps password hashes from the Windows NT SAM (Security Accounts Manager) database. The dumped password hashes can be fed into an NT password auditing tool, such as L0phtCrack, to recover the passwords of Windows NT users. HackTool:Win32/Dump injects a DLL component into the lsass.exe process. The DLL component searches for and dumps the password hashes from the SAM database. The dumped hashes can be output to the console or to a file. The DLL component may be detected as HackTool:Win32/Dump.

Analysis by Shawn Wang
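One way to look for the behaviour described above, a process injecting code into lsass.exe, in endpoint telemetry. This is an added example, not Microsoft's detection logic: it assumes events shaped like Sysmon Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess) records, and the sample events and paths are constructed.

```python
import ntpath

# Windows process access rights that remote DLL injection needs on the target.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE


def targets_lsass(event):
    """True when the event's target process image is lsass.exe (case-insensitive)."""
    return ntpath.basename(event.get("TargetImage", "")).lower() == "lsass.exe"


def flag_lsass_injection(events):
    """Return (EventID, SourceImage, reason) for events that look like injection into lsass.exe."""
    findings = []
    for ev in events:
        if not targets_lsass(ev):
            continue
        if ev["EventID"] == 8:  # Sysmon CreateRemoteThread
            findings.append((8, ev["SourceImage"], "remote thread created in lsass.exe"))
        elif ev["EventID"] == 10:  # Sysmon ProcessAccess
            granted = int(ev["GrantedAccess"], 16)
            # Flag only handles that carry every right needed to write and start code.
            if granted & INJECTION_RIGHTS == INJECTION_RIGHTS:
                findings.append((10, ev["SourceImage"], "lsass.exe opened with write and thread rights"))
    return findings


# Constructed sample events (assumed field names follow Sysmon; not from a real host).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\test\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1F0FFF"},
    {"EventID": 8, "SourceImage": r"C:\Users\test\tool.exe",
     "TargetImage": r"C:\Windows\system32\LSASS.EXE"},
    {"EventID": 8, "SourceImage": r"C:\Users\test\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in flag_lsass_injection(SAMPLE_EVENTS):
        print(finding)
```

Security products also open lsass.exe with broad access rights, so in practice the results are filtered against an allowlist of known SourceImage values.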

Last update 15 February 2019
