lsass.exe

Local Security Authority Process

Microsoft Corporation

It runs as a Windows service named “Encrypting File System (EFS)”.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Local Security Authority Process

 
Part of the Windows Operating System

Version:
10.0.10586.589 (th2_release.160906-1759)

MD5:
04d54f94f613de3e0b70339a3fa130c7

SHA-1:
77fed6e41c13a7ec6327895425b6cce0b193257d

SHA-256:
28e46fd35fbb4e393688873ea2941fdea11ef792493dbce25a86ab1dc658923e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
5/17/2024 7:51:36 PM UTC

File size:
41.9 KB (42,920 bytes)

Product version:
10.0.10586.589

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
lsass.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\lsass.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
2/12/2016 11:18:25 AM

Valid to:
5/12/2017 11:18:25 AM

Subject:
CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000CC4EE86D1A15AF49950000000000CC

File PE Metadata
Compilation timestamp:
9/7/2016 2:35:52 PM

OS version:
10.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.10

CTPH (ssdeep):
768:jX65nlP7UrKwpfGIOuvbxO0GRSiXkrT1PEiRKUz:jX65nBUrlGmbxO0GRSLPEin

Entry address:
0x31B0

Entry point:
E8, 69, 1C, 00, 00, E9, 06, 00, 00, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, 8D, 45, F4, C7, 45, F8, 00, 00, 00, 00, 68, 0C, 10, 40, 00, 68, 08, 10, 40, 00, C7, 45, F4, 00, 00, 00, 00, 89, 45, FC, C7, 45, F0, 00, 00, 00, 00, FF, 15, 3C, 80, 40, 00, 83, C4, 08, 85, C0, 75, 2F, 8D, 45, FC, 50, 8D, 45, F8, 50, E8, FA, 1B, 00, 00, 68, 04, 10, 40, 00, 68, 00, 10, 40, 00, FF, 15, 38, 80, 40, 00, 8B, 55, FC, 8D, 45, F0, 8B, 4D, F8, 83, C4, 10, 50, E8, 17, 00, 00, 00, B8, FF, 00, 00, 00, 8B, E5...
 

Entropy:
6.4304

Code size:
23 KB (23,552 bytes)

Service
Display name:
Encrypting File System (EFS)

Service name:
EFS

Description:
Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

Type:
Win32ShareProcess

Depends on:
RPCSS