NisSrv.exe

  • File Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
  • Description: Microsoft Network Realtime Inspection Service

Hashes

Type Hash
MD5 5260C83AD82BC4499D47706DCD0FE0CE
SHA1 3164093FC90E35F91F22E0E13B9C61813DC9D0B9
SHA256 5B33BB9040F40E2D5022E37F725471F39F14DD4A63EE945537BC0B899B583CE5
SHA384 3A62D58B11A7755649CDCB82B222784607948813B321778E4DDEE07933501026F9B65DCFD567159250B35E58F29893D0
SHA512 54150654C24AD355EEC9EEE23E04A9FFB6E647E08B636428C0EAAB98C8146518E0DF6B8283555892A0AD00B3AFF15ED14ACFE0C3942805BB490225DB2FA9F1FE
SSDEEP 49152:mpPSQp/ZXI2JUfibdj3zWsGDAKn0krn9P4joNxsr:m8M/fOmH
IMP 4A88B4C7C53D9C798CC06288F26F45D5
PESHA1 76A3C4C679F215C7B0347E163719717CFC234062
PE256 617D8F8CE8BC51685FF0C956C53CE64D901264A8C08E2F0D3329734351A4BAE3

Runtime Data

Loaded Modules:

Path
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000024A0E8AFDF15C662D2B00000000024A
  • Thumbprint: 96384A7F5F1C438F32E2454697DC6D312A74517B
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NisSrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.2009.7 (WinBuild.160101.0800)
  • Product Version: 4.18.2009.7
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/5b33bb9040f40e2d5022e37f725471f39f14dd4a63ee945537bc0b899b583ce5/detection/

Possible Misuse

The following table contains possible examples of NisSrv.exe being misused. While NisSrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_reg_disable_sec_services.yml | - '\NisSrv' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.