lsass.exe

smiir2015

The executable lsass.exe has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from 55807193-134732981817953451.preview.editmysite.com.
Product:
smiir2015

Version:
1.0.0.0

MD5:
e2e938f072fba3959500278163366743

SHA-1:
2218d4e2614255209ea37e239ba9e8216f4e3eea

SHA-256:
a44e63cc31d213c738d8c541079b957635676b524e49f96b09c55db9088e2ca3

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
2/25/2025 2:53:45 PM UTC

Scan engine                    Detection                 Engine version
avast!                         Win32:Malware-gen         160124-0
ESET NOD32                     MSIL/Kryptik.EOO trojan   7.0.302.0
Kaspersky                      Trojan.MSIL.Zapchast      15.0.0.562
Microsoft Security Essentials  Threat.Undefined          1.213.4206.0

File size:
332 KB (339,968 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
smiir2015.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\lsass.exe

File PE Metadata
Compilation timestamp:
12/11/2015 4:32:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:PITneqiLCt0+eIBwVlv+xMpqyXWAFLEIHuYZvpG3G39r9YHezZXhpvfQej9XvlGX:cAswr9lm2EOoE+SH6vwoimCHC

Entry address:
0x541CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, DE, 6A, 56, 00, 00, 00, 00, 02, 00, 00, 00, 99, 00, 00, 00, 1C, 60, 05, 00, 1C, 26, 05, 00, 52, 53, 44, 53, 34, E3, EF, 57, 7C, 1E, B0, 4C, 83, 85, 53, 1B, 91, 00, 6D, 88, 01, 00, 00, 00, 43, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 20, 61, 6E, 64, 20, 53, 65, 74, 74, 69, 6E, 67, 73, 5C...
 

Entropy:
5.7151

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
328.5 KB (336,384 bytes)

The file lsass.exe has been seen being distributed by the following URL.
