
ThreatExpert's awareness of the file "lsass.exe":

Across all ThreatExpert reports, the file "lsass.exe" was mostly identified as a threat.
File "lsass.exe" has the following statistics:
Total number of reports analysed: 611,932
Number of cases that involved the file "lsass.exe": 4,847
Number of incidents when this file was found to be a threat: 4,594
Statistical volume of cases when "lsass.exe" was a threat: 95%
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
The file "lsass.exe" is known to be created under the following filenames:
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "lsass.exe" has the following possible countries of origin:
Origin: Number of Incidents
United Kingdom: 5,079
China: 437
Russian Federation: 97
Brazil: 57
Belgium: 23
Spain: 12
Germany: 10
Ukraine: 9
Ireland: 4
Saudi Arabia: 3
France: 2
Iran: 1
Israel: 1
Netherlands: 1
Philippines: 1
Poland: 1

The following threats are known to be associated with the file "lsass.exe":
Threat Alias: Number of Incidents
W32/Rontokbro.gen@MM [McAfee]: 80,497
Email-Worm.Win32.Brontok.n [Kaspersky Lab]: 78,036
W32.Rontokbro.U@mm [Symantec]: 74,721
WORM_BRONTOK.BA [Trend Micro]: 69,220
Worm.Brontok.BA [PC Tools]: 33,554
Worm.Brontok.BK [PC Tools]: 29,327
Worm.Brontok.Gen!Pac.3 [PC Tools]: 13,645
WORM_RONTKBR.GEN [Trend Micro]: 9,076
Worm.Win32.VB.ck [Kaspersky Lab]: 4,794
W32/YahLover.worm [McAfee]: 4,765
W32.SillyFDC [Symantec]: 3,979
W32.Rontokbro.X@mm [Symantec]: 3,844
W32.Rontokbro@mm [Symantec]: 3,767
Trojan.Agent.lsass [Ikarus]: 2,700
I-Worm.Brontok.AY [PC Tools]: 2,529
W32.SillyDC [Symantec]: 2,470
WORM_SOHANAD.FI [Trend Micro]: 2,450
WORM_VB.FQO [Trend Micro]: 2,312
Mal/Generic-A [Sophos]: 2,133
WORM_BRONTOK.IE [Trend Micro]: 2,020
PE_PARITE.A [Trend Micro]: 1,811
Virus.Win32.Parite.b [Kaspersky Lab]: 1,810
W32/Pate.b [McAfee]: 1,810
Win32.Parite.B [PC Tools]: 1,802
Email-Worm.Win32.Brontok.N [Ikarus]: 1,560
W32/Zaflen.a [McAfee]: 1,073
Worm.VB.FKF [PC Tools]: 1,071
Worm.Win32.VB.gr [Kaspersky Lab]: 1,025
W32/Rontokbr-A [Sophos]: 939
I-Worm.Brontok.BM [PC Tools]: 680
Trojan Horse [Symantec]: 555
Worm.VB.GUE [PC Tools]: 490
W32/Brontok-AE [Sophos]: 431
Email-Worm.Win32.Brontok.q [Kaspersky Lab]: 363
PE_FLUENZA.ART-O [Trend Micro]: 345
Worm.Brontok.Gen.1 [PC Tools]: 331
TrojanClicker:Win32/Hatigh.C [Microsoft]: 268
Win32.Xorer.Gen [PC Tools]: 266
Backdoor.Trojan [Symantec]: 222
Mal/EncPk-KP [Sophos]: 217
Gen.Packed [Ikarus]: 210
Generic.dx [McAfee]: 210
IRC/Client [McAfee]: 200
Packed.Generic.233 [Symantec]: 198
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]: 196
Generic.dx!fml [McAfee]: 189
Trojan.Generic [PC Tools]: 189
Packed/FSG [PC Tools]: 172
Backdoor.IRCBot [PC Tools]: 168
Worm.VB.FWG [PC Tools]: 162
WORM_VB.EIQ [Trend Micro]: 162
Win32.SuspectCrc [Ikarus]: 158
Win32.Sality.AA [PC Tools]: 151
W32.Sality.X [Symantec]: 149
W32/Sality.ac [McAfee]: 148
Virus.Win32.Sality.s [Kaspersky Lab]: 137
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Packer, Mal/Behav-024 [Sophos]: 131
W32/Virut.gen [McAfee]: 131
Downloader [Symantec]: 127
Mal/Xorer-A [Sophos]: 125
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]: 123
Win-Trojan/MircPack.1790464 [AhnLab]: 122
Troj/Agent-MEJ [Sophos]: 120
Trojan.Win32.Swisyn.eg [Kaspersky Lab]: 120
Bloodhound.Unknown [Symantec]: 115
W32.Lunalight@mm [Symantec]: 115
W32.Pagipef.I!inf [Symantec]: 114
Mal/Zlob-AG [Sophos]: 113
W32/Generic.e [McAfee]: 104
Email-Worm.Brontok!sd5 [PC Tools]: 96
Trojan.Win32.Dursg [Ikarus]: 92
Virus.Win32.Xorer.dr [Ikarus]: 91
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024 [Sophos]: 91
Trojan:Win32/Dursg.C [Microsoft]: 89
WORM_MOONLIGHT.C [Trend Micro]: 88
Virus.Win32.VB.bp [Kaspersky Lab]: 85
Virus.Win32.Virut.q [Kaspersky Lab]: 84
Email-Worm.Win32.VB.cp [Kaspersky Lab]: 83
PE_SALITY.AL [Trend Micro]: 83
Suspicious.MH690 [Symantec]: 83
Virus.Win32.Banker.CYL [Ikarus]: 82
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024, Mal/Heuri-D, Mal/Emogen-N [Sophos]: 82
Adware.VirtuMonde [Symantec]: 81
Trojan.Win32.VB.oqz [Kaspersky Lab]: 81
PE_RUNGBU.E [Trend Micro]: 79
Trojan-Clicker.Win32.Hatigh [Ikarus]: 79
WORM_AUTORUN.TI [Trend Micro]: 76
Trojan-Downloader.Win32.Suurch.awk [Kaspersky Lab]: 75
W32/Lovelet-AD [Sophos]: 75
WORM_VB.CBS [Trend Micro]: 75
Worm:Win32/Zaflen.A@mm [Microsoft]: 74
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Emogen-N, Mal/Heuri-D [Sophos]: 73
Trojan-Downloader.Win32.Zlob [Ikarus]: 71
PE_PAGIPEF.BY [Trend Micro]: 70
W32/Fujacks [McAfee]: 70
Generic Downloader.s [McAfee]: 67
Virus.Win32.Xorer.ey [Kaspersky Lab]: 67
Worm.AutoRun.BX [PC Tools]: 66
Troj/Agent-MFC [Sophos]: 64
W32/Autorun.worm.g [McAfee]: 63