NisSrv.exe

  • File Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe
  • Description: Microsoft Network Realtime Inspection Service

Hashes

Type Hash
MD5 D6404DFDB734E1990E35A2BD1808C08A
SHA1 B7DA513396B12FCB7AFF834588DE1D1A081C3FD7
SHA256 C0327F8A52A181D3EFDB773D045E460E09D1CE32EF41F5B49E726A8151037D25
SHA384 F3921806BF0FF1BAE56C086D4B73C26E663B5A4D28A74D5975D3F2916D8E5C9C2F8C362A2F357BB9BBD7B89EF71E6FB5
SHA512 94EB0C534360C716F5A6280063223E02C840210F9F8BF1A52DD7CAB065F5912651BDDF0A7F161C8E4FF4448786B95693EAD40CA6CB5FBAAC6DA28B7A9F6C4F04
SSDEEP 49152:BkJTnMm2McXrkpFYCllKuIe5S307CTvME4kC8r37UnyZ:tbelKuur371Z

Signature

  • Status: Signature verified.
  • Serial: 330000024A0E8AFDF15C662D2B00000000024A
  • Thumbprint: 96384A7F5F1C438F32E2454697DC6D312A74517B
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NisSrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.2004.6 (WinBuild.160101.0800)
  • Product Version: 4.18.2004.6
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\NisSrv.exe 32

Possible Misuse

The following table contains possible examples of NisSrv.exe being misused. While NisSrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\NisSrv' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.