Riskware/PWDump
Analysis
Riskware/PWDump is a generic detection for riskware; it is synonymous with Generic PUA or Generic PUP.
Because this is a generic detection, files detected as Riskware/PWDump may vary in behaviour.
Below are some of its observed characteristics/behaviours:
- Files detected as Riskware/PWDump fall under the category of password recovery tools and are classified as greyware.
- These files may compromise or weaken a user's security by dumping password hashes and credential details from certain applications/programs on the user's computer.
- Figure 1: Password dumping tool (image not reproduced here).
- Following are some of the exact file hashes associated with this detection:
- MD5: 9d3d8504cd488acaa731cfdd48fe5851
  SHA256: e7a6997e32ca09e78682fc9152455edaa1f9ea674ec51aecd7707b1bbda37c2f
- MD5: 0762764e298c369a2de8afaec5174ed9
  SHA256: a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine or delete detected files and replace any affected files with clean backup copies.
Telemetry
Detection Availability
Products listed for this detection (no per-product availability details are given on this page):
- FortiGate
- FortiClient
- FortiAPS
- FortiAPU
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR