lsass.exe

Wi© 2016..

The executable lsass.exe has been detected as malware by 3 anti-virus scanners. It is set to start automatically when a user logs into Windows, through the current user Run registry key, under the display name ‘lsass-’.
Publisher:
Wi© 2016..

Product:
Wi© 2016..

Version:
1.3.3.3

MD5:
9b0d42871830d9c010df15d87b6a0b77

SHA-1:
b4c02b5d4ab6dfb290d8c0f44eae67c3261ed01b

SHA-256:
bebfa5cbe26b48c57261bed3a5cd959339614401d17923252703e8d48052c58b

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
5/4/2024 6:00:06 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Injector.FQT trojan | 6.3.12010.0
F-Secure | Variant.Symmi.69555 | 5.16.24
Kaspersky | Trojan.Win32.Agent.nezcul | 15.0.2.529

File size:
2.2 MB (2,323,456 bytes)

Product version:
1.3.3.3

Copyright:
Wi© 2016..

Original file name:
wrn.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\lsass.exe

File PE Metadata
Compilation timestamp:
2/25/2017 6:00:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x7F6E1

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 4F, 51, 4B, 00, DD, 6B, 2E, 49, 7A, 8D, 72, 98, 4C, DD, FC, 77, 7C, F7, 5C, 6D, 21, 47, 0F, 3B, 1B, C7, CF, 3A, E8, EA, 1A, 92, 30, 89, 50, 28, FC, 3A, 20, 19, 1E, C1, 51, A9, 2C, DC, EB, 11, 70, 2A, 37, 9A, C8, 20, 0D, D5, 41, FB, 03, D7, 3B, 5B, CB, 73, 49, 82, A7, 3F, 0C, F1, 83, 16, F3, F4, 1D, AD, 80, C1, 8F, AE, 3B, D2, 0D, 1D, 5C, A0, 3D, 3A, 06, 7C, 94, 8A, 1D, D7, AF, 40, B9, DC, E9, 33, 0B, D3, 30, 7E...
 

Entropy:
7.9008

Developed / compiled with:
Microsoft Visual C++

Code size:
758.5 KB (776,704 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
lsass-

Command:
"C:\ProgramData\lsass.exe"..

