home

natsvc.exe

natsvc.exe

KGRID CO.,Ltd

It runs as a separate (within the context of its own process) windows Service named “NATService”.
Publisher:
Network Advanced Technology  (signed by KGRID CO.,Ltd)

Product:
natsvc.exe

Description:
Network Advanced Technology Program

Version:
3.2.0.7

MD5:
1f8c85efe8e12e5a9c7b999855643b12

SHA-1:
6de80d47a4b41112cdea05ef4287e8f652523cc6

SHA-256:
3a93d68d22dd3180fd38071b009ab817bd0477bfc9650d88b877eaeaa8b872f5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/30/2024 9:27:21 PM UTC  (today)

File size:
2.2 MB (2,317,536 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\Program Files\nat service\natsvc.exe

Digital Signature
Signed by:
KGRID CO.,Ltd

Authority:
Thawte, Inc.

Valid from:
10/6/2014 9:00:00 AM

Valid to:
11/6/2015 8:59:59 AM

Subject:
CN="KGRID CO.,Ltd", O="KGRID CO.,Ltd", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
790E1499C3ED6DB264DC3D922B036FE4

File PE Metadata
Compilation timestamp:
9/16/2015 5:37:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:3T1tr1TAhmSHFRP+tUrKtF78RflWROxpNQddxm:3T1trafFRkUmtt5WN

Entry address:
0x1BDCC8

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, E0, 22, 5B, 00, E8, 17, CD, E4, FF, A1, F4, 63, 5C, 00, 8B, 00, 80, 78, 34, 00, 74, 10, A1, F4, 63, 5C, 00, 8B, 00, E8, BE, ED, EF, FF, 84, C0, 74, 0C, A1, F4, 63, 5C, 00, 8B, 00, 8B, 10, FF, 52, 38, 8B, 0D, 94, 69, 5C, 00, A1, F4, 63, 5C, 00, 8B, 00, 8B, 15, 54, 0B, 5B, 00, 8B, 18, FF, 53, 34, A1, F4, 63, 5C, 00, 8B, 00, 8B, 10, FF, 52, 3C, 5B, E8, 5C, 83, E4, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.4259

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,819,648 bytes)

Service
Display name:
NATService

Type:
Win32OwnProcess


Scan natsvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.