lsass.exe

The executable lsass.exe has been detected as malware by 40 anti-virus scanners.
MD5: 419bc356254ccc42c1e2cabdd0b09ff2
SHA-1: 9c02a6294383dde8a70fe332f4ab3b8ecbb5d789
SHA-256: 5dd3a2f26b9f74d3aaba5b7907b60acafcb364bad0ca7396e41600cfb698ace6

Scanner detections: 40 / 68
Status: Malware
Analysis date: 5/2/2024 8:06:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.AutoIT.Injector.AP | -40 |
| AegisLab AV Signature | Troj.W32.Gen.lNkP | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Cossta.C211827 | 3.8.3.16 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.3.4 |
| Arcabit | Trojan.AutoIT.Injector.AP | 1.0.0.798 |
| avast! | Win32:Napolar-D [Trj] | 2014.9-170315 |
| AVG | Generic35 | 2018.0.2438 |
| Baidu Antivirus | Win32.Trojan.Napolar | 4.0.3.17315 |
| Bitdefender | Trojan.AutoIT.Injector.AP | 1.0.20.370 |
| Bkav FE | W32.OscoleF.Trojan | 1.3.0.8876 |
| Comodo Security | TrojWare.Win32.Kryptik.BLGK | 26732 |
| Dr.Web | Trojan.Hottrend.355 | 9.0.1.074 |
| Emsisoft Anti-Malware | Trojan.AutoIT.Injector.AP | 8.17.03.15.05 |
| ESET NOD32 | Win32/Napolar | 11.15067 |
| Fortinet FortiGate | W32/Cossta.A!tr | 3/15/2017 |
| F-Prot | W32/Napolar.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan:W32/Napolar.A | 11.2017-15-03_4 |
| G Data | Win32.Backdoor.Napolar | 17.3.A:25.11112B:25.9052 |
| IKARUS anti.virus | Trojan.Win32.Napolar | 0.2.1.2 |
| K7 AntiVirus | Trojan | 13.10.4.22682 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1314 |
| Malwarebytes | Trojan.Napolar | v2017.03.15.05 |
| McAfee | Trojan-FDFI!419BC356254C | 5600.6094 |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.1.13504.0 |
| MicroWorld eScan | Trojan.AutoIT.Injector.AP | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.Cossta.cqikyo | 1.0.70.15657 |
| nProtect | Trojan/W32.Cossta.95232.B | 17.03.10.02 |
| Panda Antivirus | Trj/Napolar.A | 17.03.15.05 |
| Qihoo 360 Security | HEUR/QVM19.1.0000.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Trojan.Napolar.A1 | 3.17.14.00 |
| Rising Antivirus | Trojan.Generic (cloud:tSLOtkZ6dk) | 23.00.65.17313 |
| Sophos | Troj/Agent-AEKL | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Napolar | 8534 |
| Total Defense | Win32/Tnega.dYPTOW | 37.1.62.1 |
| Trend Micro House Call | BKDR_NAPOLAR.SM0 | 7.2.74 |
| Trend Micro | BKDR_NAPOLAR.SM0 | 10.465.15 |
| Vba32 AntiVirus | Trojan.Cossta | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Napolar.aa | 56548 |
| ViRobot | Trojan.Win32.Agent.95232.V[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Cossta.Win32.8040 | 2.0.0.3230 |

File size: 93 KB (95,232 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\lsass.exe

File PE Metadata
OS version: 1.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 1.70
Entry address: 0x1000
Entry point: 55, 89, E5, 83, EC, 2C, E8, 00, 00, 00, 00, 58, 89, 45, FC, 90, FF, 4D, FC, 8B, 45, FC, 0F, B6, 00, 83, F8, 55, 75, F2, C7, 45, F8, 50, 7E, 00, 00, C7, 45, F4, 50, A2, 00, 00, C7, 45, F0, 66, 8E, 00, 00, C7, 45, EC, 96, 14, 00, 00, C7, 45, DC, 00, 00, 00, 00, C7, 45, E8, 00, 03, 00, 00, C7, 45, E4, D0, 00, 00, 00, C7, 45, E0, 00, 00, 00, 00, 8B, 45, FC, 8B, 55, F8, 01, D0, 89, 45, D8, 0F, B6, 00, 83, F8, 55, 74, 3D, 8B, 45, FC, 8B, 55, E4, 01, D0, 89, 45, D4, 6A, 04, 8B, 55, F4, 8B, 45, E8, 29, C2, 8B, 45...
Code size: 92.5 KB (94,720 bytes)

User Start Menu Item
Name: lsass.exe

