You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
I'm using Loki to scan a memory dump and in some processes the information below is identified. Can you help me with this, what to consider in this case?
Hello,
I'm using Loki to scan a memory dump and in some processes the information below is identified. Can you help me with this, what to consider in this case?
[WARNING]
FILE: d:\name\System-4\files\modules\klupd_Kaspersky4Win-21-13_arkmon.sys SCORE: 70 TYPE: EXE SIZE: 345600
FIRST_BYTES: 4d5a90000300000004000000ffff0000b8000000 / <filter object at 0x000002014EA1DAE0>
MD5: e2987cf2e240fee721f05e0fe5207319
SHA1: 88104729caa79ad9e2ce6ce3b15335ae42c948d1
SHA256: 868ea7aeeffc822683a81f60a3a3d927328f80c39e050737ee8690b1aa1108fa CREATED: Sun Jul 23 17:34:44 2023 MODIFIED: Sun Jul 23 17:34:44 2023 ACCESSED: Sun Jul 23 17:34:44 2023
REASON_1: Yara Rule MATCH: hacktool_windows_mimikatz_modules SUBSCORE: 70
DESCRIPTION: Mimikatz credential dump tool: Modules REF: https://github.com/gentilkiwi/mimikatz AUTHOR: @fusionrace
MATCHES: $s2: 'mimidrv
Using Die (Detect It Easy) the following strings are identified in the klupd_Kaspersky4Win-21-13_arkmon.sys file:
Offset Size String Type
00032f10 09 A mimidrv.a
00032f20 13 A *\AMD64\MIMIDRV.PDB
00032f40 0f A \Device\mimidrv
The text was updated successfully, but these errors were encountered: