» lsass.exe
Overview
Analysis
File Details
Behaviors (1)

lsass.exe

Local Security Authority Process

Microsoft Corporation

It runs as a windows Service named “Encrypting File System (EFS)”.

File name:

lsass.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Local Security Authority Process

Part of the Windows Operating System

Version:

6.3.9600.17415 (winblue_r4.141028-1500)

MD5:

5466b90225ac0990df2bc96c90886e36

SHA-1:

60c8ac0e82994a509a0eded137ab306f8d5f0bf9

SHA-256:

533b1cf2a8698c5de97262a70912efbabccf3d8562b516dca3041d5b7fb78844

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

3/14/2025 5:00:43 PM UTC (today)

File size:

34.8 KB (35,616 bytes)

Product version:

6.3.9600.17415

Original file name:

lsass.exe

File type:

Executable application (Win32 EXE)

Language:

engleski (SAD)

Common path:

C:\Windows\System32\lsass.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

4/22/2014 7:29:14 PM

Valid to:

7/22/2015 7:29:14 PM

Subject:

CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000287E6E0262D24588ED000000000028

File PE Metadata

Compilation timestamp:

10/29/2014 2:06:03 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

768:+065MXBWvVXQPJuCmhGWAStKKeTYEv+VUu1Pzy+fqU:+065MXqKPJaAStKjYEvZWPGU3

Entry address:

0x3190

Entry point:

E8, 09, FB, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 8D, 45, F4, C7, 45, F8, 00, 00, 00, 00, 68, 10, 32, 40, 00, 68, 0C, 32, 40, 00, C7, 45, F4, 00, 00, 00, 00, 89, 45, FC, C7, 45, F0, 00, 00, 00, 00, FF, 15, 24, 70, 40, 00, 83, C4, 08, 85, C0, 0F, 85, FD, 09, 00, 00, 8D, 45, FC, 50, 8D, 45, F8, 50, E8, B6, FA, FF, FF, 68, 08, 32, 40, 00, 68, 04, 32, 40, 00, FF, 15, 20, 70, 40, 00, 8B, 55, FC, 8D, 45, F0, 8B, 4D, F8, 83, C4, 10, 50, E8, 17, 00, 00, 00, CC, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

17 KB (17,408 bytes)

Service

Display name:

Encrypting File System (EFS)

Service name:

EFS

Description:

Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

Type:

Win32ShareProcess

Depends on:

RPCSS

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.