lsass.exe

Raize Software, Inc.

The executable lsass.exe, “CodeSite Tools 5.0”, has been detected as malware by 40 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from ccc.cat and multiple other hosts.

Publisher:
Raize Software, Inc.

Description:
CodeSite Tools 5.0

Version:
5.0

MD5:
3ecf858ffd7838e119df1f0fd820e434

SHA-1:
3b20a1b2b1b69dcf333a834c7032b75db3b84f6c

SHA-256:
e6f2ce9504f21ca87cebe235cc9b31ee9bb5843e0df424d7d5f1efbd45b7f58a

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/26/2024 6:02:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.35738 | 5913030 |
| Agnitum Outpost | Trojan.DR.Dapato | 7.1.1 |
| AhnLab V3 Security | Dropper/Win32.Dapato | 2013.11.15 |
| Avira AntiVirus | TR/Drop.Dapato.daqx.1 | 7.11.113.136 |
| Arcabit | Trojan.Symmi.D8B9A | 1.0.0.425 |
| avast! | Win32:Napolar-E [Cryp] | 150319-1 |
| AVG | Dropper.Generic8 | 2016.0.3119 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.1555 |
| Bitdefender | Trojan.Agent.BAEK | 1.0.20.625 |
| Bkav FE | W32.DropperDapatoU.Trojan | 1.3.0.6379 |
| Comodo Security | Backdoor.Win32.Agent.CXI4 | 17273 |
| Dr.Web | Trojan.PWS.Panda.4784 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.35738 | 9.0.0.4799 |
| ESET NOD32 | Win32/Agent.VAE trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Dapato.DAQX!tr | 5/5/2015 |
| F-Prot | W32/Dapato.E | 4.6.5.141 |
| F-Secure | Gen:Variant.Symmi.35738 | 5.13.68 |
| G Data | Trojan.Agent.BAEK | 15.5.22 |
| herdProtect (fuzzy) | | 2015.8.3.16 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Dapato | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.205.16276 |
| Kaspersky | Trojan-Dropper.Win32.Dapato | 15.0.0.543 |
| Malwarebytes | Trojan.Agent.FICO | v2015.05.05.11 |
| McAfee | W32/Napsolar-FHO!5336F8FBDCD8 | 5600.6775 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.1467.0 |
| MicroWorld eScan | Gen:Variant.Symmi.35738 | 16.0.0.375 |
| NANO AntiVirus | Trojan.Win32.Dapato.ccrcpm | 0.28.0.56174 |
| Norman | Gen:Variant.Symmi.35738 | 03.12.2014 13:20:04 |
| nProtect | Trojan-Dropper/W32.Dapato.116224.B | 15.06.17.01 |
| Panda Antivirus | Trj/dtcontx.G | 15.05.05.11 |
| Quick Heal | Trojan.ZAgent.ra | 5.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.17.0 |
| Sophos | Virus 'Troj/Napolar-A' | 5.13 |
| SUPERAntiSpyware | Heur.Agent/Gen-GalPic[i] | 9894 |
| Trend Micro House Call | TROJ_GEN.R047H07IB13 | 7.2.125 |
| Trend Micro | TROJ_NAPOLAR.AB | 10.465.05 |
| Vba32 AntiVirus | TrojanDropper.Dapato | 3.12.24.3 |
| VIPRE Antivirus | Threat.4791230 | 39486 |
| ViRobot | Dropper.Dapato.116224 | 2011.4.7.4223 |
| Zillya! Antivirus | Trojan.Fareit.Win32.2070 | 2.0.0.2231 |

File size:
113.5 KB (116,224 bytes)

Copyright:
© 1998-2011, Raize Software, Inc.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\lsass.exe

File PE Metadata
Compilation timestamp:
8/24/2013 6:39:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:Hg9LXJ9aap4HNz7zpqOfv5VCdXx122xlbARkTRB:A9jJ9t4HJ7VP4nPxlbAkTR

Entry address:
0x50B4

Entry point:
55, 8B, EC, 83, C4, F0, B8, DC, 46, 40, 00, E8, 28, EB, FF, FF, E8, 93, F4, FF, FF, E8, 82, E5, FF, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
15.5 KB (15,872 bytes)

User Start Menu Item
Name:
lsass.exe


The file lsass.exe has been seen being distributed by the following 5 URLs.

http://ccc.cat/?gny5pgh8q358=c5ff544954f

http://tuvaustriahellas.gr/?ifzbsnfsle6j=d1ce5e

http://tuvaustriahellas.gr/?3ylmbk4o=d36e07f422ac2
