Riskware/PWDump

Analysis

Riskware/PWDump is a generic detection for riskware; the term is synonymous with Generic PUA (potentially unwanted application) or Generic PUP (potentially unwanted program). Because the detection is generic, files flagged as Riskware/PWDump may behave differently from one sample to the next.
Below are some of the observed characteristics and behaviours:

  • Files detected as Riskware/PWDump fall under the category of password recovery tools and are classified as greyware.

  • These files may compromise or weaken a user's security by dumping password hashes and related credential details from certain applications or programs on the user's computer.

  • Below are images of a password dumper (image not reproduced in this copy):

    • Figure 1: Password dumping tool.

  • The following are some of the exact file hashes associated with this detection:
    • MD5:    9d3d8504cd488acaa731cfdd48fe5851
      SHA256: e7a6997e32ca09e78682fc9152455edaa1f9ea674ec51aecd7707b1bbda37c2f
    • MD5:    0762764e298c369a2de8afaec5174ed9
      SHA256: a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86
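The hashes above are the only concrete indicators this entry gives, and the practical defender use for them is a hash sweep: compute MD5 and SHA256 of files on a host and compare against the listed values. The script below is an added example, not Fortinet's code or part of this encyclopedia entry. The two MD5/SHA256 pairs in PWDUMP_IOCS are copied from the page; every file name, file content and the scratch directory in demo() are constructed here for illustration.

```python
"""Hash-based IoC sweep for the Riskware/PWDump file hashes listed above.

Added example (not Fortinet's code). Only the hash values in PWDUMP_IOCS
come from the page; everything written to disk by demo() is constructed.
"""
import hashlib
import os
import tempfile

# Hash pairs copied verbatim from the page's "exact file hashes" list.
PWDUMP_IOCS = {
    "md5": {
        "9d3d8504cd488acaa731cfdd48fe5851",
        "0762764e298c369a2de8afaec5174ed9",
    },
    "sha256": {
        "e7a6997e32ca09e78682fc9152455edaa1f9ea674ec51aecd7707b1bbda37c2f",
        "a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86",
    },
}


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA256 hex digests of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through both hash functions in one pass."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


def match_iocs(hashes: dict, iocs: dict = PWDUMP_IOCS) -> list:
    """Return the algorithms whose digest matched a listed IoC (case-insensitive)."""
    return [alg for alg in ("md5", "sha256")
            if hashes.get(alg, "").lower() in iocs[alg]]


def sweep(root: str, iocs: dict = PWDUMP_IOCS) -> dict:
    """Walk a directory tree; map each matching path to the algorithms that hit."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            matched = match_iocs(digests, iocs)
            if matched:
                hits[path] = matched
    return hits


def demo() -> dict:
    """Constructed scratch directory: no file matches the page's IoCs, but a
    constructed IoC set built from one file's own MD5 does match it."""
    root = tempfile.mkdtemp(prefix="pwdump_sweep_")
    benign = os.path.join(root, "notes.txt")
    sample = os.path.join(root, "sample.bin")
    with open(benign, "wb") as fh:
        fh.write(b"constructed benign content\n")
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample content\n")
    constructed_iocs = {
        "md5": {hash_bytes(b"constructed sample content\n")["md5"]},
        "sha256": set(),
    }
    return {
        "page_ioc_hits": len(sweep(root)),
        "constructed_hits": sweep(root, constructed_iocs).get(sample, []),
    }


if __name__ == "__main__":
    print(demo())
```

Matching on the exact hashes only catches the two listed builds; a recompiled or repacked tool will not match, which is why the entry is a generic detection and the sweep is best treated as a quick triage step rather than the sole control.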

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-03-26 92.02804
2024-03-01 92.02046
2024-02-29 92.02027
2024-02-29 92.02022
2024-02-29 92.02011
2024-02-05 92.01302
2023-12-24 92.00013
2023-10-06 91.07611
2023-08-15 91.06054
2023-07-17 91.05185