
HackTool:Win32/Dump


First posted on 18 May 2009.
Source: SecurityHome

Aliases :

HackTool:Win32/Dump is also known as pwdump2 (other), Virtool.PWDump.A (BitDefender), Win32/PSWTool.RAS.A (ESET), PWCrack-Pwdump (McAfee), PWS:Win32/Dump (Microsoft).

Explanation :

HackTool:Win32/Dump is a command line tool that dumps password hashes from the Windows NT SAM (Security Accounts Manager) database. The dumped password hashes can be fed into an NT password auditing tool, such as L0phtCrack, to recover the passwords of Windows NT users.

Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.

To reach the SAM database, HackTool:Win32/Dump injects a DLL component into the lsass.exe process. The DLL component searches for and dumps the password hashes from the SAM database. The dumped hashes can be output to the console or to a file. The DLL component may also be detected as HackTool:Win32/Dump.
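The behaviour described above (a DLL injected into lsass.exe) gives a defender a concrete signal to look for: a module loaded into lsass.exe from outside the Windows system directory, or one that is not signed. The following is an added example, not code from the page or from any vendor; the image-load record format, its field names and the sample events are constructed for illustration, and the trusted-directory list is an assumption.

```python
"""Flag modules loaded into lsass.exe that do not come from the Windows system
directories or are unsigned.  Record layout and sample events are constructed
for this example (assumptions), not the output of any particular log source."""
from dataclasses import dataclass
from typing import List
import ntpath

# Assumption: on a default install, lsass.exe should only load modules from here.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class ImageLoad:
    process: str   # full path of the process that loaded the module
    module: str    # full path of the module that was loaded
    signed: bool   # whether the module carries a valid signature (assumed field)


def is_trusted_path(path: str) -> bool:
    """True when the module lives in (or below) a trusted system directory."""
    directory = ntpath.dirname(path).lower().rstrip("\\")
    return any(directory == d or directory.startswith(d + "\\") for d in TRUSTED_DIRS)


def suspicious_lsass_loads(events: List[ImageLoad]) -> List[ImageLoad]:
    """Return image-load events where lsass.exe loaded an untrusted or unsigned module."""
    hits = []
    for ev in events:
        if ntpath.basename(ev.process).lower() != "lsass.exe":
            continue  # only loads into lsass.exe matter for this check
        if not is_trusted_path(ev.module) or not ev.signed:
            hits.append(ev)
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\lsass.exe", r"C:\Windows\System32\samsrv.dll", True),
    ImageLoad(r"C:\Windows\System32\lsass.exe", r"C:\Users\Public\injected.dll", False),
    ImageLoad(r"C:\Windows\explorer.exe", r"C:\Users\Public\injected.dll", False),
    ImageLoad(r"C:\Windows\System32\lsass.exe", r"C:\Windows\System32\unsigned.dll", False),
]

if __name__ == "__main__":
    for hit in suspicious_lsass_loads(SAMPLE_EVENTS):
        print(f"suspicious load into lsass.exe: {hit.module} (signed={hit.signed})")
```

The third sample event is deliberately ignored: the same untrusted module loaded by explorer.exe is not evidence of the behaviour this entry describes, so the check keys on the target process rather than on the module path alone. In practice the trusted-directory list and the signature field would come from the log source in use, and the allowlist should be tuned for legitimate third-party authentication packages.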

Analysis by Shawn Wang

Last update 18 May 2009
