EhStorAuthn.exe

  • File Path: C:\Windows\SysWOW64\EhStorAuthn.exe
  • Description: Microsoft Enhanced Storage Authentication Program

Hashes

Type Hash
MD5 FA27C3D81CC5E8E13913771FC785BC5B
SHA1 BC7C42C626C1CF87849D3273221E3F9772ED233D
SHA256 3E8E7238533A1E251C9C607D84890FFA02983F02D5911A79DF557E328801A5DA
SHA384 F367E8C71D63783BFD4285C043834120B9C9C06F6A5BFB157D90507940B010650FA43B35952762CE4D1CA8CE3FF190EB
SHA512 69650257DEA801FC8DA0BC3A9FBAB8EAADF6F0447382B44E94F52105CEAC9E7024C912C66C052A1D5E4A9F6A67DD924861F247EEA27A12E241457E08298C5111
SSDEEP 1536:hqxyFsH2GHvnKVcTbdWfC0oeomgPHA5kG9mQ7N6wMkNaAYG5n8sJlkWP:9o2GfKV8MK0oxPxQZDFcZIZJlD
IMP D8BEA4FEF46578B7424738F766C2A7CC
PESHA1 F4564CC26ECF30B2D4DDD071BD83C23A820B4965
PE256 AEE8AAAE42AA37481AE2BF8BD56E57D0E14E0A2A3E3905B029AB6497600207BC

Runtime Data

Child Processes:

explorer.exe

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\EhStorAuthn.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: EhStorAuthn.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/3e8e7238533a1e251c9c607d84890ffa02983f02d5911a79df557e328801a5da/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\EhStorAuthn.exe 41
C:\windows\system32\EhStorAuthn.exe 57
C:\Windows\system32\EhStorAuthn.exe 57
C:\Windows\system32\EhStorAuthn.exe 54
C:\Windows\system32\EhStorAuthn.exe 49
C:\WINDOWS\system32\EhStorAuthn.exe 54
C:\Windows\system32\EhStorPwdMgr.dll 60
C:\Windows\SysWOW64\EhStorAuthn.exe 69
C:\WINDOWS\SysWOW64\EhStorAuthn.exe 66
C:\WINDOWS\SysWOW64\EhStorAuthn.exe 65
C:\Windows\SysWOW64\EhStorAuthn.exe 65
C:\Windows\SysWOW64\EhStorPwdMgr.dll 66

MIT License. Copyright (c) 2020-2021 Strontic.