ntsvc.exe

Navigation

Navigation network co.,limited

The application ntsvc.exe, “Net Service Event Handler” by Navigation network co.,limited, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Net Service Event Handler”. This file is typically installed with the program searchult by Navigation.
Publisher:
Navigation Co., Ltd. (signed by Navigation network co.,limited)

Product:
Navigation

Description:
Net Service Event Handler

Version:
2.0.1.7353

MD5:
5fe6634f39458f80228c0f35d6e92eb2

SHA-1:
66cb8f4c35697ee61a47d76bb2fbcc1718f1568a

SHA-256:
a05e21a8d3555cc59dba15f0bf88a6654085397b223d412c6239ef153abadb0d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/20/2024 3:42:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.2.15

File size:
393.9 KB (403,320 bytes)

Product version:
2.0.1.7353

Copyright:
Navigation Copyright (C) 2013

Original file name:
ntsvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\roaming\ntsvc\ntsvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/18/2014 9:00:00 PM

Valid to:
2/19/2016 9:59:59 PM

Subject:
CN="Navigation network co.,limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Navigation network co.,limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2617E71F3DD61639E291AD2D048E1D8A

File PE Metadata
Compilation timestamp:
2/17/2015 1:10:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:icg7jpQq5NxDhGThmR6hQj2M7vSciNK1rbWMdIMxKoUAF72:it7jpQqBhG4R6hQLvFiw1bWMvooxF72

Entry address:
0x2D7D8

Entry point:
E8, E7, DA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 3D, 40, F2, 45, 00, 00, 75, 75, 8B, 55, 08, 85, D2, 75, 17, E8, 44, 2B, 00, 00, C7, 00, 16, 00, 00, 00, E8, 82, 69, 00, 00, B8, FF, FF, FF, 7F, 5D, C3, 8B, 4D, 0C, 85, C9, 74, E2, 53, 56, 57, 6A, 41, 5F, 6A, 5A, 2B, D1, 5B, 0F, B7, 04, 0A, 66, 3B, C7, 72, 0D, 66, 3B, C3, 77, 08, 83, C0, 20, 0F, B7, F0, EB, 02, 8B, F0, 0F, B7, 01, 66, 3B, C7, 72, 0B, 66, 3B, C3, 77, 06, 83, C0, 20, 0F, B7, C0, 83, C1, 02, 66, 85, F6, 74, 05, 66, 3B, F0, 74, C8, 0F, B7...
 

Code size:
294 KB (301,056 bytes)

Service
Display name:
Net Service Event Handler

Service name:
Sed

Description:
Network service event handler for system.

Type:
Win32OwnProcess

Group:
Event log


The file ntsvc.exe has been discovered within the following program.

searchult by Navigation
About 9% of users remove it
 