
Rule Info
Name: Winnti_APT_Hdump_Tool
Author: Florian Roth
Description: Password dumper used by Winnti group - file pn.exe
Score: 90
Reference: Internal Research
Date: 2016-09-30
Modified: 2025-03-14
Minimum Yara: 4.0.0
Rule Hash: b7bc4234f427f855d3ef2a2bcf743735
Tags: ['G0044', 'EXE', 'CHINA', 'FILE', 'APT', 'T1003']
Required Modules: []
VirusTotal Matches
Rating                    | Number of Samples
Malicious (>= 10 engines) | 4
Suspicious (< 10 engines) | 3
Clean (0 engines)         | 0
Rule Matches
Timestamp | Positives | Total | Hash | VT