lsass.exe
The executable lsass.exe has been detected as malware by 40 anti-virus scanners. While running, it connects to the Internet address ats.sbs.vip.bf1.yahoo.com on port 443.
File name: lsass.exe
MD5: e33cdb7bc85a599303a6716d0b9a6db7
SHA-1: 5417a44b343e67c72483acc60bfc2d09d3931646
SHA-256: d425106858e4a0ea2c4f9ff87ccd707361cbfb65cca1fcc79cf09fcb1a01275f
Analysis
Scanner detections: 40 / 68
Status: Malware
Analysis date: 5/3/2024 1:01:50 AM UTC
Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Worm.Generic.87016 | 606
Agnitum Outpost | I-Worm.Brontok | 7.1.1
AhnLab V3 Security | HEUR/Fakon.mwf | 2015.06.07
Avira AntiVirus | WORM/Brontok.E.1 | 8.3.1.6
Arcabit | Worm.Generic.D153E8 | 1.0.0.425
avast! | Win32:Brontok-CE [Wrm] | 2014.9-150609
AVG | I-Worm/Brontok.X | 2016.0.3084
Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.1569
Bitdefender | Worm.Generic.87016 | 1.0.20.800
Bkav FE | W32.BrontokQ | 1.3.0.6379
Clam AntiVirus | Worm.Brontok.H | 0.98/21511
Comodo Security | Packed.Win32.Packer.~GEN | 22360
Dr.Web | Win32.HLLM.Generic.440 | 9.0.1.0160
Emsisoft Anti-Malware | Worm.Generic.87016 | 8.15.06.09.02
ESET NOD32 | Win32/Brontok.AS | 9.11745
Fortinet FortiGate | W32/Brontok.Q@mm | 6/9/2015
F-Prot | W32/EmailWorm.CLS | v6.4.7.1.166
F-Secure | Worm.Generic.87016 | 11.2015-09-06_3
G Data | Worm.Generic.87016 | 15.6.25
IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.204.16151
Kaspersky | Email-Worm.Win32.Brontok | 14.0.0.1915
Malwarebytes | Trojan.Dropper | v2015.06.09.02
McAfee | W32/Rontokbro.worm | 5600.6740
Microsoft Security Essentials | Worm:Win32/Brontok.BM@mm | 1.1.11701.0
MicroWorld eScan | Worm.Generic.87016 | 16.0.0.480
NANO AntiVirus | Trojan.Win32.Brontok.ppjl | 0.30.24.1636
Panda Antivirus | Trj/WLT.A | 15.06.09.02
Qihoo 360 Security | Win32/Worm.Email-Worm.343 | 1.0.0.1015
Quick Heal | W32.Brontok.Q | 6.15.14.00
Rising Antivirus | PE:Trojan.Win32.Mnless.dyr!1075184010 | 23.00.65.15607
Sophos | W32/Brontok-Gen | 4.98
SUPERAntiSpyware | Unclassified.Unknown Origin | 9825
Total Defense | Win32/ASuspect.HFAEN!genus | 37.1.62.1
Trend Micro House Call | WORM_BRONTOK.FWC | 7.2.160
Trend Micro | WORM_BRONTOK.FWC | 10.465.09
Vba32 AntiVirus | Email-Worm.Brontok | 3.12.26.4
VIPRE Antivirus | Email-Worm.Win32.Brontok.q | 40886
ViRobot | I-Worm.Win32.Brontok.44448[h] | 2014.3.20.0
Zillya! Antivirus | Worm.Brontok.Win32.489 | 2.0.0.2208
File Details
File size: 43.4 KB (44,448 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\lsass.exe
File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 768:rZYd/mil8ZcouS+QemRBxUPJftwBG72EvuAN5kTvCOTgUHv35BMCl:VYVmil8Z5xemR7StwMfuADyCGgUv5J
Entry address: 0x31B87
Entry point: E9, C8, E5, FC, FF, 0C, 70, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5E, 1B, 03, 00, 0C, 70, 02, 00...
Entropy: 7.3168
Packer / compiler: RLPack FullEdition V1.1X
Code size: 512 bytes
Behaviors
Safe Boot Alternate Shell
Name: cmd-brontok.exe
Network Communications
The executing file has been seen to make the following network communication in live environments.
TCP (HTTP SSL): connects to ats.sbs.vip.bf1.yahoo.com (72.30.202.139:443)
- Powered by Reason Core Security