lsass.exe

Local Security Authority Process

Microsoft Corporation

It runs as a Windows service named “Encrypting File System (EFS)”. It is included with Windows 8.
Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Local Security Authority Process

 
Part of the Windows 8.1 (Blue) Operating System

Version:
6.3.9431.0 (winmain_bluemp.130615-1214)

MD5:
355e261b1b3b74818e81db84d66f623e

SHA-1:
e639d59f73bc2fe73578ee1cd124261a6ca4a588

SHA-256:
5b1d25a96701fd4d3342b9a9ec4f7a0bf45dfe218e466cfac4f5d31ae2a28992

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/26/2024 10:13:57 PM UTC

File size:
44 KB (45,008 bytes)

Product version:
6.3.9431.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
lsass.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\lsass.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
3/13/2013 5:34:10 PM

Valid to:
6/13/2014 5:34:10 PM

Subject:
CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000000AD7212BEC936743EB00000000000A

File PE Metadata
Compilation timestamp:
6/15/2013 6:58:56 PM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:rEteLOtq/UB8Npdz50HhXexYaWX1PHpKc+:rEteLO4/nNP+HhXexYaWPg1

Entry address:
0x456C

Entry point:
48, 83, EC, 28, E8, 1F, FF, FF, FF, 48, 83, C4, 28, EB, 09, CC, 90, 90, 90, 90, 90, 90, 90, 90, 4C, 8B, DC, 48, 83, EC, 28, 83, 64, 24, 30, 00, 49, 83, 63, 18, 00, 49, 83, 63, 20, 00, 49, 8D, 43, 18, 48, 8D, 15, 83, 00, 00, 00, 48, 8D, 0D, 74, 00, 00, 00, 49, 89, 43, 10, E8, BB, FE, FF, FF, 85, C0, 74, 0A, B8, FF, 00, 00, 00, 48, 83, C4, 28, C3, 48, 8D, 54, 24, 38, 48, 8D, 4C, 24, 30, E8, 9A, FE, FF, FF, 48, 8D, 15, 3F, 00, 00, 00, 48, 8D, 0D, 30, 00, 00, 00, E8, 9B, FE, FF, FF, 48, 8B, 54, 24, 38, 8B, 4C...
 

Entropy:
5.9091

Code size:
25 KB (25,600 bytes)

6 Services
Display name:
Encrypting File System (EFS)

Service name:
EFS

Description:
Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

Type:
Win32ShareProcess

Display name:
Logon de rede

Service name:
Netlogon

Type:
Win32ShareProcess

Display name:
Net Logon

Service name:
Netlogon

Type:
Win32ShareProcess

Display name:
CNG Key Isolation

Service name:
KeyIso

Description:
The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The s

Type:
Win32ShareProcess

Display name:
Netlogon

Type:
Win32ShareProcess

Display name:
Security Accounts Manager

Service name:
SamSs

Description:
The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being no

Type:
Win32ShareProcess