SMB: PSEXEC Tool Detected

This signature detects attempts to upload psexec.exe, an SMB tool for uploading and executing programs interactively. A match also indicates that psexec.exe has already logged in to the system, because psexec.exe can upload itself to the host only after a successful login. Worms often use psexec.exe to propagate.

Extended Description

PsExec is a telnet-like administration tool that takes advantage of Windows NT/2000 features. It can also be used as a hacking tool.

Short Name
SMB:TOOLS:PSEXEC
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMB
Keywords
Detected PSEXEC Tool
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
