Winnti_APT_Hdump_Tool

Rule Info

Name
Winnti_APT_Hdump_Tool
Author
Florian Roth
Description
Password dumper used by Winnti group - file pn.exe
Score
90
Reference
Internal Research
Date
2016-09-30
Modified
2025-03-14
Minimum Yara
4.0.0
Rule Hash
b7bc4234f427f855d3ef2a2bcf743735
Tags
['G0044', 'EXE', 'CHINA', 'FILE', 'APT', 'T1003']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/winnti_apt_hdump_tool/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
4
Suspicious (< 10 engines)
3
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-05-23 04:38:23
8
74
cf5739ac59dac84d94aa95123a18ed0cdeb58fbd3a42645580485808f6692a59
2024-03-16 01:05:11
4
71
48bdb774ad21b97a9a09f1ba3ba2daac5b6b5d765e7ac6324e485ab7312e99a0
2023-05-16 04:12:48
29
70
3fc6b07ab22dc5c7732b491418ca395dbe819423bda2b61b946013278a41df54
2023-02-21 19:44:47
17
70
64ab1c1b19682026900d060b969ab3c3ab860988733b7e7bf3ba78a4ea0340b9
2023-02-17 16:45:23
6
69
b4f2dd50bf5a65a71b89d490fc5e83aa60af5d4f62f451b7b5de58d152c838d6
2021-11-09 07:44:38
10
62
c17eda56d9a48bcb1beb20f47065da93c765dcb29b4f7f389d172f50292d0e4d
2021-04-11 11:11:34
27
70
724d0be8e7a56efca098e6e93aa8604b0df2b41a8a1569d9872bf9a043520f68
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022