lsass.exe

The executable lsass.exe has been detected as malware by 37 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘avpupdt’.

MD5:
3247fa767ccf5f69468b6796cd69b129

SHA-1:
fc48e6e89105fc01e8c3673dcc18be3674f0c92a

SHA-256:
9fc0bb0eeb378f6e832bfc8adc5c38063a30f7dd87933b3d96e5a04c24ddcca2

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/26/2024 11:15:53 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Tyhos.A | 5791462 |
| Agnitum Outpost | Worm.Small | 7.1.1 |
| AhnLab V3 Security | HEUR/Fakon.mwf | 2015.09.02 |
| Avira AntiVirus | TR/Agent.18113 | 8.3.2.2 |
| Arcabit | Win32.Tyhos.A | 1.0.0.425 |
| avast! | Evo-gen [Susp] | 150828-0 |
| AVG | Win32/DH{fQMJD2F+XA} | 2016.0.2999 |
| Bitdefender | Win32.Tyhos.A | 1.0.20.1220 |
| Comodo Security | TrojWare.Win32.Agent.181130 | 23139 |
| Dr.Web | Trojan.Styho | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Tyhos | 10.0.0.5366 |
| ESET NOD32 | Win32/Small.NCB worm | 7.0.302.0 |
| Fortinet FortiGate | W32/Tyhos.A | 9/1/2015 |
| F-Prot | W32/Bifrost.Q.gen | 4.6.5.141 |
| F-Secure | Win32.Tyhos.A | 5.14.151 |
| G Data | Win32.Tyhos | 15.9.25 |
| IKARUS anti.virus | Virus.Win32.Tyhos | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.2017075 |
| Kaspersky | Virus.Win32.Tyhos | 15.0.0.543 |
| McAfee | Virus.W32/Worm-FOC!3247FA767CCF | 17.6.569.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.205.1163.0 |
| MicroWorld eScan | Win32.Tyhos.A | 16.0.0.732 |
| NANO AntiVirus | Trojan.Win32.Tyhos.bdclx | 0.30.24.3283 |
| Norman | Win32.Tyhos.A | 04.08.2015 10:30:46 |
| nProtect | Win32.Tyhos.A | 15.09.01.01 |
| Panda Antivirus | Trj/Tyghos.A | 15.09.01.04 |
| Quick Heal | Trojan.Malex.F2 | 9.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Tyhops!1.6A78[F1] | 23.00.65.15830 |
| Sophos | Virus 'Mal/Packer' | 5.15 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Small | 9656 |
| Total Defense | Win32/Tyhos.A | 37.1.62.1 |
| Trend Micro House Call | PAK_Generic.002 | 7.2.244 |
| Trend Micro | PAK_Generic.002 | 10.465.01 |
| Vba32 AntiVirus | Trojan.Genome.al | 3.12.26.4 |
| VIPRE Antivirus | Threat.4726277 | 42326 |
| ViRobot | Trojan.Win32.Agent.23745[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Tyhos.Win32.1 | 2.0.0.2384 |

File size:
97.5 KB (99,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\6841200\lsass.exe

File PE Metadata
Compilation timestamp:
7/12/2007 6:09:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
192:SyfwFKEDFhlfwFKEDFhKvZLAmeFTr718JdBrZe:SyoFfvloFfvKvUB8XpZe

Entry address:
0x154

Entry point:
4D, 5A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 45, 00, 00, 4C, 01, 02, 00, 5A, 78, 95, 46, 00, 00, 00, 00, 00, 00, 00, 00, E0, 00, 0F, 01, 0B, 01, 00, 00, 00, 0C, 00, 00, 00, 4C, 00, 00, 00, 00, 00, 00, 54, 01, 00, 00, 00, 10, 00, 00, 0C, 00, 00, 00, 00, 00, 40, 00, 00, 10, 00, 00, 00, 02, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, A0, 01, 00, 00, 02, 00, 00, E3, 52, 01, 00, 02, 00, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 00, 00...
 

Entropy:
1.1106

Code size:
3 KB (3,072 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
avpupdt

Command:
C:\Windows\System32\6841200\avgupdt.exe

