NisSrv.exe

  • File Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\NisSrv.exe
  • Description: Microsoft Network Realtime Inspection Service

Hashes

Type Hash
MD5 34769907556F93CEACFDB497B83E1F4B
SHA1 3C6AEC9190185054D3243AF5A51F3B9704E150B0
SHA256 E64CDB010582A84A9A62BE84FC0A103AE3D5463474FA82735C69E052A5816A84
SHA384 EB57B5BBF5F911DFB704FA5D0E951EBEC560527E9B34AF9A6942DAC9431F3A4FC81FE00EBABD49BE2A81A47249A1A002
SHA512 110F87730FA198271AF2B056A7F809F73254611B8C17EAE3A9830706BD24B7493C2EF6EACE0A94ED308D576AA001715D65B27EB67B90B186649F945A21B031F9
SSDEEP 49152:it16SL9xxCjHdVCW3BKSaunaubdWRPZZXe1:66SkdACV1

Signature

  • Status: Signature verified.
  • Serial: 330000024A0E8AFDF15C662D2B00000000024A
  • Thumbprint: 96384A7F5F1C438F32E2454697DC6D312A74517B
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NisSrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.2005.5 (WinBuild.160101.0800)
  • Product Version: 4.18.2005.5
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of NisSrv.exe being misused. While NisSrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\NisSrv' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.