Skip to main content
Microsoft Security Intelligence
Published Jun 21, 2016 | Updated Jan 13, 2021

HackTool:Win32/Mimikatz

Detected by Microsoft Defender Antivirus

Aliases: Mimikatz-DumpCreds (McAfee) Mimikatz Exploit Utility (PUA) (Sophos) Hacktool.Mimikatz (Symantec) Trojan.Generic.15297570 (F-secure) Riskware/Mimikatz (Fortinet) Exploit.Win32.Palsas (Ikarus) HackTool.Win32.Mimikatz.gen (Kaspersky) HKTL_MIMIKATZ (Trend Micro)

Summary

Mimikatz is a well-known hacktool used to extract Windows passwords in plain-text from memory, perform pass-the-hash attacks, inject code into remote processes, generate golden tickets, and more. This tool is used by red teams and real threat actors alike due to its powerful toolset and open-source nature allowing for easy modification. This tool is still regularly maintained and kept up to date with latest changes in Windows. Mimikatz is often delivered and executed without writing to disk (fileless) in an attempt to avoid detection. 

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Use cloud protection

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10. 

Go to All settings > Update & security > Windows Defender and make sure that your Cloud-based Protection settings is turned On.

Get more help

You can also see our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us