lsass.exe

The executable lsass.exe has been detected as malware by 8 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. While running, it connects to the Internet address 210.151.74.137.fr.axspace.com on port 80 using the HTTP protocol.
Version:
0.0.0.0

MD5:
09e3cae972d534580bb01fe2c8195f95

SHA-1:
9c5450691dec97866cfba12123026ef459fac20c

SHA-256:
4c7565c589f652bd63c01712551fbf8a1f066869569f72166996c8c1051c3221

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/13/2025 4:48:53 AM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:SaliCode            160518-2
Dr.Web                          Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality              16.05.21
ESET NOD32                      Win32/Sality.NBA virus    7.0.302.0
F-Prot                          W32/Sality.E.gen          4.6.5.141
Microsoft Security Essentials   Threat.Undefined          1.219.2198.0
Norman                          Win32.Sality.3            19.05.2016 05:17:13
VIPRE Antivirus                 Threat.4721115            49494

File size:
685.5 KB (701,952 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
7/11/2007 1:21:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:iM5DSN6aAH0XNXpRRGqBbZq7gGpWa7U8oico9hJMBex+gQL0:iM5D18NXvR9bqEGZNVlxnF

Entry address:
0x9B110

Entry point:
8A, FF, 87, EB, BA, 65, 2B, 87, C4, 42, 2A, C2, 4A, F2, 0F, AF, C3, 81, F6, BE, 65, 00, 00, C7, C1, 39, 34, 11, 61, F3, 15, B4, E1, 53, 45, F6, C3, 9A, 8D, 15, 8A, 05, 9D, B6, 23, E9, 68, 9A, 43, EF, 00, 69, F5, 90, BC, C6, 10, 69, C7, A5, 4E, A8, F5, E8, 39, 00, 00, 00, 8A, F2, 88, C0, FE, C5, 88, F5, 12, CF, 69, FE, 86, 6D, D7, C1, 3C, 03, 0F, BE, F6, 31, FE, 8D, 0D, 39, C0, FB, FF, 4F, 48, 8D, 1D, AC, F7, 73, 80, 81, C1, CE, 55, 04, 00, 81, D8, 66, A2, 73, 5D, 4B, 33, E9, 0F, B6, D0, 8B, FE, 69, FA, 56...

Entropy:
7.3702

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mailserver40.mylittledatacenter.com  (144.76.167.153:80)

TCP (HTTP):
Connects to 93-89-224-9.fbs.com.tr  (93.89.224.9:80)

TCP (HTTP):
Connects to 210.151.74.137.fr.axspace.com  (137.74.151.210:80)