EhStorAuthn.exe

  • File Path: C:\Windows\system32\EhStorAuthn.exe
  • Description: Microsoft Enhanced Storage Authentication Program

Hashes

Type Hash
MD5 D45618E58303EDB4268A6CCA5EC99ECC
SHA1 1F8049FC5EA8B57BB68E19FB55CB9DC1E18E9513
SHA256 D527323643BE9DF4D174C3169C6F2C7854A59B781654BCAEBD154CB51FB4219C
SHA384 57DFE94E79211C3FC6D2D076729B70AC9CE0449CBDA3D7D2076C78A96104CA3F19714EE8DDBEA7B573BCBAB10FC516C0
SHA512 5D7AE663DCFEDFAF00836DC018131851E5A40778BD582B417B9F0BBD4BB6D1B2EB8F37F7F5A01CD2BEED78B6037EF6EB2A3290248D5E901173B1407990A202BD
SSDEEP 3072:Vf8h0Gfm1y0Mx3JOlaEHPxPxQZDFcZIZ:Vfu0i17OlaEJPxQZDFZ
IMP 781D28469BB74D268EAF05BBBB5DA822
PESHA1 9B4C98D9F3B8493396E42CDC5B906FC99F3903B4
PE256 14F4524AF26B09287AE096568356021C79062D833774BD292A19D5A28B54A512

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\system32\EhStorAuthn.exe
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\UxTheme.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: EhStorAuthn.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/d527323643be9df4d174c3169c6f2c7854a59b781654bcaebd154cb51fb4219c/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\EhStorAuthn.exe 52
C:\windows\system32\EhStorAuthn.exe 54
C:\Windows\system32\EhStorAuthn.exe 44
C:\Windows\system32\EhStorAuthn.exe 46
C:\WINDOWS\system32\EhStorAuthn.exe 47
C:\Windows\system32\EhStorPwdMgr.dll 49
C:\Windows\SysWOW64\EhStorAuthn.exe 49
C:\WINDOWS\SysWOW64\EhStorAuthn.exe 47
C:\WINDOWS\SysWOW64\EhStorAuthn.exe 46
C:\Windows\SysWOW64\EhStorAuthn.exe 46
C:\Windows\SysWOW64\EhStorAuthn.exe 49
C:\Windows\SysWOW64\EhStorPwdMgr.dll 54

MIT License. Copyright (c) 2020-2021 Strontic.