» lsass.exe
Overview
Analysis
File Details
Behaviors (1)

lsass.exe

Local Security Authority Process

Microsoft Corporation

It runs as a windows Service named “Encrypting File System (EFS)”.

File name:

lsass.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Local Security Authority Process

Part of the Windows Operating System

Version:

10.0.10240.17113 (th1.160906-1755)

MD5:

ba6613ad1345ba9250bbe3c2425ca55e

SHA-1:

ca0b7b24cb09ec452fb792b9f142dce9c21c5b11

SHA-256:

ca176b32589ae38d689f8730856cf10f4bd63cda04bdc17a700d02d32c2aa3e9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

5/18/2024 1:55:32 AM UTC (today)

File size:

55 KB (56,336 bytes)

Product version:

10.0.10240.17113

Original file name:

lsass.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\lsass.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

2/11/2016 6:18:25 PM

Valid to:

5/11/2017 7:18:25 PM

Subject:

CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000CC4EE86D1A15AF49950000000000CC

File PE Metadata

Compilation timestamp:

9/6/2016 10:11:08 PM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.10

CTPH (ssdeep):

1536:oD3YLh7w6IL5J4e1HlI9ubP9hcQU+0AvVqPHq:oLUh74tJIZCq/q

Entry address:

0x37C0

Entry point:

48, 83, EC, 28, E8, 63, 00, 00, 00, 48, 83, C4, 28, E9, 62, FF, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 09, 88, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 32, 01, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 9E, 28, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 8A, 28, 00, 00, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 20, 55, 48, 8B, EC, 48, 83, EC, 20, 48, 83, 65, 18, 00, 48, BB... 
[+]

Entropy:

5.9019

Code size:

19 KB (19,456 bytes)

Service

Display name:

Encrypting File System (EFS)

Service name:

EFS

Description:

Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

Type:

Win32ShareProcess

Depends on:

RPCSS

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.