HackTool:Win64/PWDump
Detected by Microsoft Defender Antivirus
Aliases: Tool.Pwdump.127 (Dr.Web), Win32/PSWTool.PWDump6.A (ESET), not-a-virus:PSWTool.Win32.PWDump.lv (Kaspersky), Trj/WL-heur.A (Panda), Pwdump (Symantec), PWCrack-Pwdump (McAfee)
Summary
HackTool:Win64/PWDump is a command-line tool used on 64-bit Windows computers to extract the NTLM (LanMan) hashes from "LSASS.exe" in memory.
Programs designated as Hacktool are generally installed intentionally by a computer user. Deleting the installed components removes the program. Alternatively, to detect and remove this software, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.