lsass.exe

The executable lsass.exe has been detected as malware by 28 anti-virus scanners.
MD5: 2424da7770a2669d16b21f8b76e44b56
SHA-1: 462fcc8c5622ca78afd10e5198c268e904371f0c
SHA-256: a9b47fa6cd0851bd5bcbf242376cee0d83eadccf60ee2d5c67b691ecf2af8c21
Scanner detections: 28 / 68
Status: Malware
Analysis date: 4/28/2024 8:31:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-Trojan/Agent.40960.RA | 2010.06.16 |
| Avira AntiVirus | TR/Crypt.FKM.Gen | 8.2.2.6 |
| Emsisoft A-Squared | Virus.Win32.Xorer!IK | 5.0.0.26 |
| avast! | Win32:Trojan-gen | 2014.9-170313 |
| AVG | Win32/Small.Z | 2018.0.2441 |
| Bitdefender | Trojan.Agent.Pagipef.B | 1.0.20.360 |
| Clam AntiVirus | W32.Pagipef-1 | 0.98/170.3 |
| Comodo Security | Worm.Win32.Small.NAV | 5116 |
| Dr.Web | Trojan.Rox | 9.0.1.072 |
| ESET NOD32 | Win32/Small.NAV | 11.5199 |
| Fortinet FortiGate | W32/Xorer.DR | 3/13/2017 |
| F-Prot | W32/Trojan.NHL | v6.4.6.0.103 |
| F-Secure | Trojan.Agent.Pagipef.B | 11.2017-13-03_2 |
| G Data | Trojan.Agent.Pagipef | 17.3.21 |
| IKARUS anti.virus | Virus.Win32.Xorer | t3scan.1.1.84.0 |
| Kaspersky | Virus.Win32.Xorer | 14.0.0.-1301 |
| McAfee | Generic VB | 5600.6097 |
| Microsoft Security Essentials | Virus:Win32/Xorer.gen!I | 1.163.1557.0 |
| Norman | W32/Smalltroj.CBNL | 11.20170313 |
| nProtect | Trojan.Agent.Pagipef.B | 10.06.15.02 |
| Panda Antivirus | Suspicious file | 17.03.13.02 |
| Prevx | Medium Risk Malware | 3.0 |
| Quick Heal | W32.Switch.A | 3.17.10.00 |
| Rising Antivirus | Worm.Diskgen.b | 23.00.65.17311 |
| Sophos | Mal/VB-A | 4.54 |
| Trend Micro House Call | PE_PAGIPEF.C-O | 7.2.72 |
| Trend Micro | PE_PAGIPEF.C-O | 10.465.13 |
| Vba32 AntiVirus | Virus.Win32.Xorer.gr | 3.12.12.5 |

File size: 40 KB (40,960 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\windows\syswow64\com\lsass.exe

File PE Metadata
Compilation timestamp: 12/2/2006 7:00:17 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
Entry address: 0x4408

Entry point:
55, 8B, EC, 6A, FF, 68, 68, 55, 40, 00, 68, 94, 45, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 4C, 52, 40, 00, 59, 83, 0D, A0, 86, 40, 00, FF, 83, 0D, A4, 86, 40, 00, FF, FF, 15, 50, 52, 40, 00, 8B, 0D, 84, 86, 40, 00, 89, 08, FF, 15, 54, 52, 40, 00, 8B, 0D, 80, 86, 40, 00, 89, 08, A1, 58, 52, 40, 00, 8B, 00, A3, 9C, 86, 40, 00, E8, 1C, 01, 00, 00, 39, 1D, D8, 75, 40, 00, 75, 0C, 68, 90, 45, 40, 00, FF, 15, 5C, 52...
 

Entropy: 5.1178
Developed / compiled with: Microsoft Visual C++ v6.0
Code size: 16 KB (16,384 bytes)
