
HackTool:Win64/PWDump


First posted on 04 November 2010.
Source: SecurityHome

Aliases :

HackTool:Win64/PWDump is also known as Tool.Pwdump.127 (Dr.Web), Win32/PSWTool.PWDump6.A (ESET), not-a-virus:PSWTool.Win32.PWDump.lv (Kaspersky), Trj/WL-heur.A (Panda), Pwdump (Symantec).

Explanation :

HackTool:Win64/PWDump is a command-line tool for 64-bit Windows computers that extracts the NTLM (LanMan) hashes from the memory of "LSASS.exe". This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems.

Analysis by Vincent Tiu

Last update 04 November 2010

 
