es_network_svc.exe

EventSentry

NETIKUS.NET ltd

It runs as a separate Windows service (within the context of its own process) named “EventSentry Network Services”.
Publisher:
NETIKUS.NET ltd  (signed and verified)

Product:
EventSentry

Description:
EventSentry Network Services

Version:
3.0.1.0

MD5:
81c2baaf78524e4970c4a6a344be5850

SHA-1:
356b5f8db5d65976457de8cfdc907a91c7c9f6a9

SHA-256:
275751794eb9127f64dd5d3fb3a7f1baa5a49ef06e3e1e9c6d80890fb4c171ad

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 4:42:05 AM UTC  (today)

Scan engine:
Avira AntiVirus

Detection:
W32/Sality.AT

Engine version:
7.11.30.172

File size:
985.1 KB (1,008,696 bytes)

Product version:
3.0.1.0

Copyright:
Copyright (C) 2011-2013

Original file name:
es_network_svc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\eventsentry\es_network_svc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/7/2012 7:00:00 AM

Valid to:
10/30/2014 6:59:59 AM

Subject:
CN=NETIKUS.NET ltd, OU=Secure Application Development, O=NETIKUS.NET ltd, L=Chicago, S=Illinois, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
192EFF4EBD003B3F27CCFC9FAE43266C

File PE Metadata
Compilation timestamp:
2/26/2014 7:23:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
24576:iocsq610UnYH8mgnf1YJwYX54yHbrkOIKmGk/kCfqOoVtffz5XMLV4kIlq4dzC3l:tmH8mgnf1kX54yH84mBpRoVZfKKlq4da

Entry address:
0xA73CA

Entry point:
E8, 71, 07, 00, 00, E9, B3, FD, FF, FF, FF, 25, 88, 52, 4C, 00, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 

Entropy:
6.5333

Code size:
782.5 KB (801,280 bytes)

Service
Display name:
EventSentry Network Services

Service name:
EventSentryNetworkServices

Description:
Hosts the EventSentry syslog and snmp trap daemon. This service needs to be running in order to receive syslog messages and SNMP traps.

Type:
Win32OwnProcess


Scan es_network_svc.exe - Powered by Reason Core Security