lsass.exe

Event Agent Setup

McGruff SafeGuard

Publisher:
Event Agent  (signed by McGruff SafeGuard)

Product:
Event Agent Setup

Description:
Local Security Authority Agent

Version:
4.10.0008

MD5:
c3f1eec8064169d84f9e300272b92be5

SHA-1:
db792350e07e8426f0bb4466a29d4a54ec130fb5

SHA-256:
52a7e7cb18feca1d151d5e94ce759e5c515acbee7c25f7dc88d0838864fa8142

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 5:52:45 PM UTC

Scan engine | Detection | Engine version
Dr.Web | probably BACKDOOR.Trojan | 9.0.1.05190

File size:
1.5 MB (1,527,472 bytes)

Product version:
4.10.0008

Original file name:
Lite.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/22/2012 1:00:00 AM

Valid to:
5/23/2014 12:59:59 AM

Subject:
CN=McGruff SafeGuard, O=McGruff SafeGuard, STREET=5900 Collins, L=Miami Beach, S=FL, PostalCode=33140, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
602A3764E40B9E2AFCB659A1515F9FBD

File PE Metadata
Compilation timestamp:
9/18/2012 8:24:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:09VpCHFVGXtWYHtrsC2hdEMsGKMT/WWrvl31T2xUbuLhZ0UTnwoVmj9UKCxiGRWL:a+G9NHGj/WWrvz2xUb8SR7b

Entry address:
0xCFF0

Entry point:
68, 50, E6, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, F8, BD, 7E, 3C, A5, 18, 6F, 44, 82, 7C, 03, 71, 61, 96, 6D, 83, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 70, 74, 69, 6F, 6E, 20, 4C, 69, 74, 65, 00, 63, 69, 74, 00, 00, 00, 00, 01, 00, 42, 00, 2C, E0, 41, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, E0, EC, 41, 00, C8, 18, 57, 00, 00, 00, 00, 00, D8, FB, F7, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 70, D0, 40, 00...
Entropy:
5.9164

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
1.4 MB (1,507,328 bytes)
