Analysis by: Jed Valderama

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003


  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This hacking tool arrives as a file that exports the functions of other malware/grayware. It arrives as a component bundled with malware/grayware packages. It may be manually installed by a user.

It may be injected into processes running in memory.

  TECHNICAL DETAILS

File size: 229,360 bytes
File type: DLL
Initial samples received date: 07 Mar 2012

Arrival Details

This hacking tool arrives as a file that exports the functions of other malware/grayware.

It arrives as a component bundled with malware/grayware packages.

It may be manually installed by a user.

Installation

This hacking tool may be injected into processes running in memory.

NOTES:

This hacking tool may arrive in 32-bit and 64-bit versions.

Once injected into the lsass.exe process, it can be used to perform any of the following routines:

  • Dump LanMan and NTLM hashes
  • Dump account login details of different users on the machine
  • Dump password hashes
  • Impersonate or end a login session
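
For defenders, the behaviour described above (a DLL injected into lsass.exe) can be triaged from process telemetry. The following is an added example, not part of the original analysis: it assumes Sysmon-style records for Event ID 7 (ImageLoad) and Event ID 8 (CreateRemoteThread) already parsed into dictionaries, and every sample event, path and file name in it is constructed.

```python
import ntpath

LSASS = "lsass.exe"

def is_lsass(path):
    """True if the Windows path names lsass.exe (case-insensitive)."""
    return ntpath.basename(path or "").lower() == LSASS

def triage(event):
    """Return a reason string if the event suggests injection into lsass.exe, else None."""
    eid = event.get("EventID")
    # Event ID 7 (ImageLoad): a module mapped into lsass.exe without a valid signature.
    # Assumption: Signed/SignatureStatus are rendered as the strings "true" and "Valid".
    if eid == 7 and is_lsass(event.get("Image")):
        if event.get("Signed") != "true" or event.get("SignatureStatus") != "Valid":
            return "unsigned module loaded into lsass.exe: " + event.get("ImageLoaded", "?")
    # Event ID 8 (CreateRemoteThread): another process starts a thread inside lsass.exe.
    if eid == 8 and is_lsass(event.get("TargetImage")):
        return "remote thread created in lsass.exe by " + event.get("SourceImage", "?")
    return None

def scan(events):
    """Return (UtcTime, reason) for every event that triage() flags."""
    return [(e.get("UtcTime"), r) for e in events if (r := triage(e))]

# Constructed sample events (not taken from any real host or from the sample analysed above).
SAMPLE_EVENTS = [
    {"EventID": 7, "UtcTime": "2012-03-07 10:00:01.000",
     "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\samsrv.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "UtcTime": "2012-03-07 10:02:15.000",
     "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Users\Public\example-sample.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 8, "UtcTime": "2012-03-07 10:02:14.000",
     "SourceImage": r"C:\Users\Public\example-loader.exe",
     "TargetImage": r"C:\WINDOWS\system32\LSASS.EXE"},
    {"EventID": 8, "UtcTime": "2012-03-07 10:05:00.000",
     "SourceImage": r"C:\Tools\example-debugger.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for when, reason in scan(SAMPLE_EVENTS):
        print(when, reason)
```

Legitimate security products also load modules into lsass.exe, so flagged entries should be compared against a baseline of known-good modules before escalation.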