lsass.exe

The executable lsass.exe has been detected as malware by 36 anti-virus scanners. It is a setup program used to install the application; according to AVG, it downloads additional adware offers during setup. The file has been seen being downloaded from www.eng.su.ac.th and multiple other hosts. Note that the file name mimics the legitimate Windows Local Security Authority Subsystem Service binary, which resides in C:\Windows\System32; the copy described here runs from the user's Startup folder (see "Common path" below), which is the detail a defender should check when triaging a process by this name.
MD5: 274da20e073b912e7bd97ddbd29bfbdd
SHA-1: c9e1173baf2cddcc0f5b83487c3588de1d014077
SHA-256: 901f6fbd96fabc14f142dbd50d1e9c7fe8637749bb1a31dc45d11e60f3e10472
Scanner detections: 36 / 68
Status: Malware
Analysis date: 12/28/2024 12:15:16 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.CryptRedol.Gen.1 | 341
Agnitum Outpost | Trojan.Agentb | 7.1.1
AhnLab V3 Security | Trojan/Win32.Napolar | 2015.11.29
Avira AntiVirus | TR/Crypt.ZPACK.Gen | 8.3.2.4
Arcabit | Trojan.CryptRedol.Gen.1 | 1.0.0.624
avast! | Win32:Napolar-F [Cryp] | 2014.9-160228
AVG | Downloader.Agent.15.R | 2017.0.2819
Baidu Antivirus | Trojan.Win32.Agentb | 4.0.3.16228
Bitdefender | Trojan.CryptRedol.Gen.1 | 1.0.20.295
Bkav FE | HW32.Packed | 1.3.0.7383
Comodo Security | TrojWare.Win32.Injector.cej | 23674
Dr.Web | Trojan.Hottrend.355 | 9.0.1.059
Emsisoft Anti-Malware | Trojan.CryptRedol.Gen | 8.16.02.28.04
ESET NOD32 | Win32/Napolar | 10.12640
Fortinet FortiGate | W32/Napolar.A!tr | 2/28/2016
F-Secure | Trojan.CryptRedol.Gen.1 | 11.2016-28-02_1
G Data | Trojan.CryptRedol.Gen | 16.2.25
IKARUS anti.virus | Trojan-Downloader.Agent | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.17997
Kaspersky | Trojan.Win32.Agentb | 14.0.0.591
Malwarebytes | Trojan.MalPack.SB | v2016.02.28.04
McAfee | PWS-Zbot.dx | 5600.6475
Microsoft Security Essentials | VirTool:Win32/Injector.gen!EC | 1.1.12300.0
MicroWorld eScan | Trojan.CryptRedol.Gen.1 | 17.0.0.177
NANO AntiVirus | Trojan.Win32.Agentb.dtqzts | 0.30.26.4751
nProtect | Trojan.CryptRedol.Gen.1 | 15.11.27.01
Panda Antivirus | Trj/Dtcontx.G | 16.02.28.04
Qihoo 360 Security | Win32/Trojan.029 | 1.0.0.1077
Quick Heal | Trojan.Napolar.r4 | 2.16.14.00
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-GalPic | 9296
Trend Micro House Call | TROJ_SPNR.35JA13 | 7.2.59
Trend Micro | TROJ_SPNR.35JA13 | 10.465.28
Vba32 AntiVirus | Malware-Cryptor.General.3 | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45484
Zillya! Antivirus | Trojan.Agentb.Win32.1682 | 2.0.0.2536

File size: 102 KB (104,448 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\lsass.exe

File PE Metadata
Compilation timestamp: 9/7/2013 3:51:35 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 1536:zwMhHfdwdhcA1RUKxidZpbl1zzA2l9NB3xSZVUwdp6STdwaYJgBqsJugTA0Sd0Ik:5KhFUKxAZphZ91xu7McdqWF0gTA0Sq
Entry address: 0x1000
Entry point (first bytes): 55, 8B, EC, E8, 58, 01, 00, 00, 50, 81, 3D, 00, 30, 40, 00, 11, 40, 00, 00, 74, 22, 6A, 10, 68, 00, 30, 40, 00, 68, 00, 80, 01, 00, 68, 10, 30, 40, 00, E8, 57, 00, 00, 00, FF, 05, 00, 30, 40, 00, 68, 09, 10, 40, 00, C3, 6A, 00, 6A, 01, 6A, 00, 68, 53, 10, 40, 00, 68, 0A, 35, 40, 00, C3, 6A, 00, 50, 50, 6A, 00, E8, 01, 01, 00, 00, 6A, 00, 6A, 01, 6A, 00, 68, 6A, 10, 40, 00, 68, 1A, 35, 40, 00, C3, 50, E8, FC, 00, 00, 00, 6A, 00, 6A, 01, 6A, 00, 6A, 00, B8, A2, 32, 40, 00, FF, 30, C3, 6A, 00, E8, D9, 00, 00...

Entropy: 7.9552
Developed / compiled with: Microsoft Visual C++
Code size: 512 bytes

User Start Menu Item
Name: lsass.exe

The file lsass.exe has been seen being distributed by the following 2 URLs.
