home

eventsentry_svc.exe

EventSentry

NETIKUS.NET ltd

It runs as a separate (within the context of its own process) windows Service named “EventSentry”.
Publisher:
NETIKUS.NET ltd  (signed and verified)

Product:
EventSentry

Description:
EventSentry Agent

Version:
2, 90, 0, 15

MD5:
b54c33ab3749447326b0f7917cbaa59d

SHA-1:
4a7d43d2c553c313c0534405506fee1f46421598

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 5:09:14 AM UTC  (today)

File size:
1.8 MB (1,879,528 bytes)

Product version:
2, 90, 0, 0

Copyright:
Copyright (C) 2002 - 2009

Trademarks:
EventSentry

Original file name:
eventsentry_svc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\eventsentry_svc.exe

Digital Signature
Signed by:
NETIKUS.NET ltd

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
10/30/2008 12:00:00 AM

Valid to:
10/30/2010 11:59:59 PM

Subject:
CN=NETIKUS.NET ltd, OU=Secure Application Development, O=NETIKUS.NET ltd, L=Chicago, S=Illinois, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1E460C695718A485580F74D9C4F1CB89

File PE Metadata
Compilation timestamp:
1/15/2009 5:01:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
49152:yfYg4In4WFt7pe4pUHTqttAR1zjGleTlcr:7cn4Ee4pUHTqtaKlB

Entry address:
0x1371B6

Entry point:
E8, F6, E8, 00, 00, E9, 40, FE, FF, FF, 53, 8B, 5C, 24, 08, 55, 33, ED, 3B, DD, 75, 04, 33, C0, EB, 3D, 56, 57, 53, E8, 18, 21, 00, 00, 8B, F0, 46, 56, E8, BB, F4, FF, FF, 8B, F8, 3B, FD, 59, 59, 74, 20, 53, 56, 57, E8, B1, 8D, 00, 00, 83, C4, 0C, 85, C0, 74, 0D, 55, 55, 55, 55, 55, E8, EF, E0, FF, FF, 83, C4, 14, 8B, C7, EB, 02, 33, C0, 5F, 5E, 5D, 5B, C3, 55, 8D, 6C, 24, 8C, 81, EC, C4, 00, 00, 00, A1, 10, 0F, 5B, 00, 33, C5, 89, 45, 70, 56, 8B, 75, 7C, 57, 33, FF, 3B, F7, 89, 7D, C0, 75, 1E, E8, 34, 79...
 
[+]

Entropy:
6.7238

Code size:
1.4 MB (1,435,648 bytes)

Service
Display name:
EventSentry

Description:
Monitors and consolidates your event logs, log files, services, disk space, performance, files and more.

Type:
Win32OwnProcess


Scan eventsentry_svc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.