NisSrv.exe

  • File Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\NisSrv.exe
  • Description: Microsoft Network Realtime Inspection Service

Hashes

Type Hash
MD5 5C0BF6EB90CAC1A5962D07646B0666B0
SHA1 CB506AA96F06F35BAA46B2E19626C18E1C235564
SHA256 A9C1546530183F9AF38F38ADAA531DF514E1E35EB62FC289D7F7AF27551D1979
SHA384 05D0FE53592BBB78070BC1CA40BE42E04D91EACDED594AFAF9AA8EE53CE63B176086240D30B9D5BC872A8D6554C76DE2
SHA512 3A811894467E8BAFD77F1028C269B15AEF38A7E48DABACE4A0EA1AE9E4F50C26824C5DC7F9E1C9941782CF7CB3A4B3C8E4CA0A2829C59BBAB283E3BAC8043E22
SSDEEP 49152:2k5mE897MNoMDbRTbkLIOjVvNwWZQ+RzUM6yC8r37Uncpgt:DcEgF2W6+FUqr37Tpgt

Signature

  • Status: Signature verified.
  • Serial: 3300000216CA389B93E0C73695000000000216
  • Thumbprint: 7D827CF26BD7A3AFA75051801568E35191389BF5
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NisSrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.2001.10 (WinBuild.160101.0800)
  • Product Version: 4.18.2001.10
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe 32

Possible Misuse

The following table contains possible examples of NisSrv.exe being misused. While NisSrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\NisSrv' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.