filename | lsass.exe | |
---|---|---|
size | 57880 (0xe218) | |
md5 | 568c5cbf9877f6b9e39d1e7ca0ff0a36 | |
type | PE32+ executable (GUI) x86-64, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe8 |
Rich Header
lib id | version | times used |
---|---|---|
257 | 26213 | 4 |
259 | 26213 | 2 |
147 | 30729 | 37 |
1 | 0 | 116 |
269 | 26213 | 10 |
256 | 26213 | 1 |
260 | 26213 | 10 |
255 | 26213 | 1 |
258 | 26213 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
api-ms-win-core-crt-l1-1-0.dll | 85 | wcschr | |
api-ms-win-core-crt-l1-1-0.dll | 25 | _wcsicmp | |
api-ms-win-core-crt-l1-1-0.dll | 98 | wcstol | |
api-ms-win-core-crt-l1-1-0.dll | 23 | _vsnprintf_s | |
api-ms-win-core-crt-l1-1-0.dll | 64 | strcpy_s | |
api-ms-win-core-crt-l1-1-0.dll | 53 | memcpy | |
api-ms-win-core-crt-l1-1-0.dll | 57 | memset | |
api-ms-win-core-crt-l2-1-0.dll | 7 | _initterm_e | |
api-ms-win-core-crt-l2-1-0.dll | 13 | exit | |
api-ms-win-core-crt-l2-1-0.dll | 6 | _initterm | |
ntdll.dll | 1245 | RtlNtStatusToDosError | |
ntdll.dll | 1127 | RtlInitializeSid | |
ntdll.dll | 715 | RtlAllocateHeap | |
ntdll.dll | 409 | NtOpenFile | |
ntdll.dll | 407 | NtOpenEvent | |
ntdll.dll | 1124 | RtlInitializeResource | |
ntdll.dll | 1338 | RtlReleaseResource | |
ntdll.dll | 676 | RtlAcquireResourceShared | |
ntdll.dll | 1441 | RtlSubAuthoritySid | |
ntdll.dll | 592 | NtSetSecurityObject | |
ntdll.dll | 325 | NtDeviceIoControlFile | |
ntdll.dll | 1400 | RtlSetProcessIsCritical | |
ntdll.dll | 993 | RtlFreeSid | |
ntdll.dll | 883 | RtlDeriveCapabilitySidsFromName | |
ntdll.dll | 700 | RtlAddMandatoryAce | |
ntdll.dll | 1471 | RtlUnhandledExceptionFilter | |
ntdll.dll | 810 | RtlCreateAndSetSD | |
ntdll.dll | 576 | NtSetInformationProcess | |
ntdll.dll | 808 | RtlCreateAcl | |
ntdll.dll | 827 | RtlCreateSecurityDescriptor | |
ntdll.dll | 35 | DbgPrintEx | |
ntdll.dll | 1405 | RtlSetSaclSecurityDescriptor | |
ntdll.dll | 1397 | RtlSetOwnerSecurityDescriptor | |
ntdll.dll | 1383 | RtlSetDaclSecurityDescriptor | |
ntdll.dll | 1522 | RtlVirtualUnwind | |
ntdll.dll | 1226 | RtlLookupFunctionEntry | |
ntdll.dll | 746 | RtlCaptureContext | |
ntdll.dll | 1200 | RtlLeaveCriticalSection | |
ntdll.dll | 923 | RtlEnterCriticalSection | |
ntdll.dll | 213 | NtAllocateVirtualMemory | |
ntdll.dll | 579 | NtSetInformationThread | |
ntdll.dll | 352 | NtFreeVirtualMemory | |
ntdll.dll | 263 | NtConnectPort | |
ntdll.dll | 537 | NtRequestWaitReplyPort | |
ntdll.dll | 675 | RtlAcquireResourceExclusive | |
ntdll.dll | 251 | NtClose | |
ntdll.dll | 190 | NtAcceptConnectPort | |
ntdll.dll | 533 | NtReplyWaitReceivePort | |
ntdll.dll | 379 | NtListenPort | |
ntdll.dll | 261 | NtCompleteConnectPort | |
ntdll.dll | 287 | NtCreatePort | |
ntdll.dll | 989 | RtlFreeHeap | |
ntdll.dll | 1201 | RtlLengthRequiredSid | |
ntdll.dll | 682 | RtlAddAccessAllowedAce | |
ntdll.dll | 1203 | RtlLengthSid | |
ntdll.dll | 712 | RtlAllocateAndInitializeSid | |
ntdll.dll | 572 | NtSetInformationFile | |
ntdll.dll | 1105 | RtlInitUnicodeString | |
ntdll.dll | 1228 | RtlMakeSelfRelativeSD | |
RPCRT4.dll | 303 | NdrServerCall2 | |
RPCRT4.dll | 493 | RpcServerUseProtseqEpW | |
RPCRT4.dll | 478 | RpcServerRegisterIf3 | |
RPCRT4.dll | 473 | RpcServerListen | |
RPCRT4.dll | 304 | NdrServerCallAll | |
RPCRT4.dll | 68 | I_RpcMapWin32Status | |
api-ms-win-core-errorhandling-l1-1-0.dll | 12 | SetErrorMode | |
api-ms-win-core-errorhandling-l1-1-0.dll | 5 | GetLastError | |
api-ms-win-core-errorhandling-l1-1-0.dll | 15 | SetUnhandledExceptionFilter | |
api-ms-win-core-errorhandling-l1-1-0.dll | 13 | SetLastError | |
api-ms-win-core-errorhandling-l1-1-0.dll | 17 | UnhandledExceptionFilter | |
api-ms-win-core-handle-l1-1-0.dll | 2 | DuplicateHandle | |
api-ms-win-core-handle-l1-1-0.dll | | CloseHandle | |
api-ms-win-core-io-l1-1-0.dll | 4 | DeviceIoControl | |
api-ms-win-core-libraryloader-l1-2-0.dll | 24 | LoadLibraryExW | |
api-ms-win-core-libraryloader-l1-2-0.dll | 21 | GetProcAddress | |
api-ms-win-core-registry-l1-1-0.dll | 14 | RegEnumKeyExW | |
api-ms-win-core-registry-l1-1-0.dll | 30 | RegOpenKeyExW | |
api-ms-win-core-registry-l1-1-0.dll | | RegCloseKey | |
api-ms-win-core-registry-l1-1-0.dll | 37 | RegQueryValueExW | |
api-ms-win-core-heap-obsolete-l1-1-0.dll | 8 | LocalAlloc | |
api-ms-win-core-heap-obsolete-l1-1-0.dll | 10 | LocalFree | |
api-ms-win-security-base-l1-1-0.dll | 58 | GetTokenInformation | |
api-ms-win-core-processthreads-l1-1-0.dll | 10 | GetCurrentProcess | |
api-ms-win-core-processthreads-l1-1-0.dll | 8 | ExitThread | |
api-ms-win-core-processthreads-l1-1-0.dll | 44 | TlsAlloc | |
api-ms-win-core-processthreads-l1-1-0.dll | 5 | CreateThread | |
api-ms-win-core-processthreads-l1-1-0.dll | 46 | TlsGetValue | |
api-ms-win-core-processthreads-l1-1-0.dll | 42 | TerminateProcess | |
api-ms-win-core-processthreads-l1-1-0.dll | 47 | TlsSetValue | |
api-ms-win-core-processthreads-l1-1-0.dll | 26 | OpenProcessToken | |
api-ms-win-core-processthreads-l1-1-0.dll | 13 | GetCurrentThreadId | |
api-ms-win-core-processthreads-l1-1-0.dll | 11 | GetCurrentProcessId | |
api-ms-win-core-processenvironment-l1-1-0.dll | 18 | SetEnvironmentVariableW | |
api-ms-win-core-processenvironment-l1-1-0.dll | 11 | GetEnvironmentVariableW | |
api-ms-win-core-synch-l1-1-0.dll | 6 | CreateEventW | |
api-ms-win-core-synch-l1-1-0.dll | 21 | OpenEventW | |
api-ms-win-core-synch-l1-1-0.dll | 31 | SetEvent | |
api-ms-win-core-threadpool-l1-2-0.dll | 9 | CreateThreadpool | |
api-ms-win-core-threadpool-l1-2-0.dll | 1 | CancelThreadpoolIo | |
api-ms-win-core-threadpool-l1-2-0.dll | 11 | CreateThreadpoolIo | |
api-ms-win-core-threadpool-l1-2-0.dll | 30 | StartThreadpoolIo | |
api-ms-win-core-threadpool-l1-2-0.dll | 24 | SetThreadpoolThreadMaximum | |
api-ms-win-core-threadpool-l1-2-0.dll | 32 | TrySubmitThreadpoolCallback | |
api-ms-win-core-sysinfo-l1-1-0.dll | 7 | GetSystemInfo | |
api-ms-win-core-sysinfo-l1-1-0.dll | 13 | GetTickCount | |
api-ms-win-core-sysinfo-l1-1-0.dll | 10 | GetSystemTimeAsFileTime | |
api-ms-win-core-profile-l1-1-0.dll | | QueryPerformanceCounter | |
api-ms-win-core-windowserrorreporting-l1-1-0.dll | 10 | WerSetFlags | |
api-ms-win-core-delayload-l1-1-0.dll | | DelayLoadFailureHook | |
api-ms-win-core-delayload-l1-1-1.dll | 1 | ResolveDelayLoadedAPI |
ord | entry_va | function_name | |
---|---|---|---|
1 | 0x2870 | LsaGetInterface | |
2 | 0x1160 | LsaImpersonateKsecCaller | |
3 | 0x4170 | LsaRegisterExtension | |
4 | 0x41f0 | LsaRegisterInterface |
StringTable 040904B0
CompanyName | Microsoft Corporation |
FileDescription | Local Security Authority Process |
FileVersion | 10.0.17763.1 (WinBuild.160101.0800) |
InternalName | lsass.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | lsass.exe |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.17763.1 |
VS_FIXEDFILEINFO
FileVersion | 10.0.17763.1 |
ProductVersion | 10.0.17763.1 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 2 |
FileSubtype | 0 |
Signers (1)
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows Production PCA 2011
serial: 33000001A90F2D80C9A929387C0000000001A9
Certificates (2)
Certificate: Data: Version: 3 (0x2) Serial Number: 33:00:00:01:a9:0f:2d:80:c9:a9:29:38:7c:00:00:00:00:01:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 Validity Not Before: Jun 6 18:57:19 2018 GMT Not After : May 29 18:57:19 2019 GMT Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Publisher Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:9d:a9:43:93:dd:10:f3:d2:f9:79:7e:c6:d8:53: 9a:c8:89:ca:e5:16:f1:79:b1:af:99:f4:69:d0:8d: ce:e8:c3:c0:b8:b5:82:2d:48:6f:75:1e:8e:fb:e9: ee:f6:06:de:f7:b6:34:0f:17:4e:31:54:c8:ba:96: b3:db:42:23:9e:b2:5b:f7:21:53:fc:1b:f4:9e:f8: 1d:84:df:ec:46:ad:6e:5f:5a:bf:4f:3b:e7:1a:ba: 3e:73:f6:fb:58:0c:2c:a4:b7:b8:52:82:21:f2:3c: 9c:9e:49:1c:cf:fa:28:81:51:09:00:12:40:2b:6c: 6a:4d:a4:73:4b:20:04:74:aa:6e:0e:3a:96:f1:8b: b6:d7:2c:c0:76:ab:ff:7e:70:bf:c6:09:38:57:1a: fb:24:73:bf:29:36:31:98:9f:2e:9e:1f:9e:9f:c2: 63:da:31:04:34:b9:9d:a2:5f:d7:7a:0c:de:e7:8c: fb:35:8c:ae:f5:92:a7:e0:f5:9b:f8:b0:67:fc:4a: ce:44:25:23:68:0f:3e:eb:18:52:96:1a:59:3f:86: 3c:ce:30:59:fe:e5:67:de:5c:1b:aa:0e:9a:8c:1b: cd:b5:14:4d:fe:0c:fe:37:f6:d9:ab:0f:8e:95:d3: 9d:a4:36:1e:b1:12:cb:8c:d9:ae:b9:38:99:ad:6d: 16:cd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: 1.3.6.1.4.1.311.10.3.22, 1.3.6.1.4.1.311.10.3.6, Code Signing X509v3 Subject Key Identifier: D2:6C:BF:C2:9D:E2:29:44:B5:C8:6F:C4:0D:02:59:52:68:99:DC:DF X509v3 Subject Alternative Name: DirName:/OU=Microsoft Ireland Operations Limited/serialNumber=230280+436116 X509v3 Authority Key Identifier: keyid:A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53 X509v3 CRL Distribution Points: Full Name: URI:http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl Authority Information Access: CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt X509v3 
Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption 8d:f6:c8:84:83:e6:a5:9d:aa:c0:da:c6:d4:03:62:8f:42:8e: cb:7c:a7:3c:ad:1f:da:af:62:a6:98:c6:1a:ae:50:77:6c:06: 0c:49:aa:82:5e:b7:65:55:69:e2:83:7e:52:ad:28:41:be:c0: e6:7d:56:67:dd:48:e1:6e:ee:fb:c1:24:cd:ab:b2:8e:9e:c6: 3a:89:2e:c3:64:09:f5:64:4d:a7:db:e0:e2:9f:8b:ec:cb:07: 29:46:05:e9:b7:cf:8e:8d:a6:41:fa:6e:f4:84:7b:ef:ca:7e: 49:15:53:eb:1e:6e:6a:2d:3e:c6:9f:0a:8d:af:8a:6e:51:69: 20:2c:5d:3b:17:28:4f:b0:5c:1f:d9:89:3d:01:45:90:0f:04: f7:84:2c:99:42:a6:fe:4e:ce:1e:42:18:3e:24:37:3c:45:4b: 03:5a:75:3d:d4:93:3d:74:02:bf:a8:04:2a:f6:e5:4a:fc:56: 84:c5:d6:5a:56:2f:a0:01:8e:65:8a:f7:14:87:ce:fd:52:4d: 35:d8:83:8d:45:9e:c4:ed:e7:13:b6:15:4c:e6:df:2a:4c:0b: f9:78:9b:74:cf:87:9f:57:46:9a:d6:48:8c:0f:d5:b3:8e:f7: a7:5b:08:e8:fb:c6:5f:cd:64:8f:ec:e2:32:3a:db:94:ba:6d: 17:81:29:75
Certificate: Data: Version: 3 (0x2) Serial Number: 61:07:76:56:00:00:00:00:00:08 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 Validity Not Before: Oct 19 18:41:42 2011 GMT Not After : Oct 19 18:51:42 2026 GMT Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dd:0c:bb:a2:e4:2e:09:e3:e7:c5:f7:96:69:bc: 00:21:bd:69:33:33:ef:ad:04:cb:54:80:ee:06:83: bb:c5:20:84:d9:f7:d2:8b:f3:38:b0:ab:a4:ad:2d: 7c:62:79:05:ff:e3:4a:3f:04:35:20:70:e3:c4:e7: 6b:e0:9c:c0:36:75:e9:8a:31:dd:8d:70:e5:dc:37: b5:74:46:96:28:5b:87:60:23:2c:bf:dc:47:a5:67: f7:51:27:9e:72:eb:07:a6:c9:b9:1e:3b:53:35:7c: e5:d3:ec:27:b9:87:1c:fe:b9:c9:23:09:6f:a8:46: 91:c1:6e:96:3c:41:d3:cb:a3:3f:5d:02:6a:4d:ec: 69:1f:25:28:5c:36:ff:fd:43:15:0a:94:e0:19:b4: cf:df:c2:12:e2:c2:5b:27:ee:27:78:30:8b:5b:2a: 09:6b:22:89:53:60:16:2c:c0:68:1d:53:ba:ec:49: f3:9d:61:8c:85:68:09:73:44:5d:7d:a2:54:2b:dd: 79:f7:15:cf:35:5d:6c:1c:2b:5c:ce:bc:9c:23:8b: 6f:6e:b5:26:d9:36:13:c3:4f:d6:27:ae:b9:32:3b: 41:92:2c:e1:c7:cd:77:e8:aa:54:4e:f7:5c:0b:04: 87:65:b4:43:18:a8:b2:e0:6d:19:77:ec:5a:24:fa: 48:03 Exponent: 65537 (0x10001) X509v3 extensions: 1.3.6.1.4.1.311.21.1: ... X509v3 Subject Key Identifier: A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53 1.3.6.1.4.1.311.20.2: . 
.S.u.b.C.A X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4 X509v3 CRL Distribution Points: Full Name: URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl Authority Information Access: CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt Signature Algorithm: sha256WithRSAEncryption 14:fc:7c:71:51:a5:79:c2:6e:b2:ef:39:3e:bc:3c:52:0f:6e: 2b:3f:10:13:73:fe:a8:68:d0:48:a6:34:4d:8a:96:05:26:ee: 31:46:90:61:79:d6:ff:38:2e:45:6b:f4:c0:e5:28:b8:da:1d: 8f:8a:db:09:d7:1a:c7:4c:0a:36:66:6a:8c:ec:1b:d7:04:90: a8:18:17:a4:9b:b9:e2:40:32:36:76:c4:c1:5a:c6:bf:e4:04: c0:ea:16:d3:ac:c3:68:ef:62:ac:dd:54:6c:50:30:58:a6:eb: 7c:fe:94:a7:4e:8e:f4:ec:7c:86:73:57:c2:52:21:73:34:5a: f3:a3:8a:56:c8:04:da:07:09:ed:f8:8b:e3:ce:f4:7e:8e:ae: f0:f6:0b:8a:08:fb:3f:c9:1d:72:7f:53:b8:eb:be:63:e0:e3: 3d:31:65:b0:81:e5:f2:ac:cd:16:a4:9f:3d:a8:b1:9b:c2:42: d0:90:84:5f:54:1d:ff:89:ea:ba:1d:47:90:6f:b0:73:4e:41: 9f:40:9f:5f:e5:a1:2a:b2:11:91:73:8a:21:28:f0:ce:de:73: 39:5f:3e:ab:5c:60:ec:df:03:10:a8:d3:09:e9:f4:f6:96:85: b6:7f:51:88:66:47:19:8d:a2:b0:12:3d:81:2a:68:05:77:bb: 91:4c:62:7b:b6:c1:07:c7:ba:7a:87:34:03:0e:4b:62:7a:99: e9:ca:fc:ce:4a:37:c9:2d:a4:57:7c:1c:fe:3d:dc:b8:0f:5a: fa:d6:c4:b3:02:85:02:3a:ea:b3:d9:6e:e4:69:21:37:de:81: d1:f6:75:19:05:67:d3:93:57:5e:29:1b:39:c8:ee:2d:e1:cd: e4:45:73:5b:d0:d2:ce:7a:ab:16:19:82:46:58:d0:5e:9d:81: b3:67:af:6c:35:f2:bc:e5:3f:24:e2:35:a2:0a:75:06:f6:18: 56:99:d4:78:2c:d1:05:1b:eb:d0:88:01:9d:aa:10:f1:05:df: ba:7e:2c:63:b7:06:9b:23:21:c4:f9:78:6c:e2:58:17:06:36: 2b:91:12:03:cc:a4:d9:f2:2d:ba:f9:94:9d:40:ed:18:45:f1: ce:8a:5c:6b:3e:ab:03:d3:70:18:2a:0a:6a:e0:5f:47:d1:d5: 63:0a:32:f2:af:d7:36:1f:2a:70:5a:e5:42:59:08:71:4b:57: ba:7e:83:81:f0:21:3c:f4:1c:c1:c5:b9:90:93:0e:88:45:93: 86:e9:b1:20:99:be:98:cb:c5:95:a4:5d:62:d6:a0:63:08:20: 
bd:75:10:77:7d:3d:f3:45:b9:9f:97:9f:cb:57:80:6f:33:a9: 04:cf:77:a4:62:1c:59:7e