home

nxtsvc.exe

Nexthink Collector

Nexthink S.A.

It runs as a separate (within the context of its own process) windows Service named “Nexthink Collector Service”.
Publisher:
Nexthink S.A.  (signed and verified)

Product:
Nexthink Collector

Description:
Nexthink Collector Service

Version:
6.1.0.29

MD5:
97f0bdeeb3cf218116de423b73edc484

SHA-1:
41b1ca64ed01b1f899b607afc341e643876f18d0

SHA-256:
3144b14d6540576f1d03b52a173d0b2f7a96f9873bac990797398d6f97e913c7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 1:26:26 PM UTC  (today)

File size:
645.6 KB (661,144 bytes)

Product version:
6.1.0.29

Copyright:
Copyright (C) 2015 Nexthink S.A.

Original file name:
nxtsvc.exe

File type:
Executable application (Win64 EXE)

Language:
Arabic (Egypt)

Common path:
C:\Windows\System32\nxtsvc.exe

Digital Signature
Signed by:
Nexthink S.A.

Authority:
VeriSign, Inc.

Valid from:
2/10/2014 2:00:00 AM

Valid to:
3/7/2016 1:59:59 AM

Subject:
CN=Nexthink S.A., OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Nexthink S.A., L=Lausanne, S=Vaud, C=CH

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38C621B59EB483BEC12163E1147BFE7E

File PE Metadata
Compilation timestamp:
11/12/2015 3:02:23 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
6144:DpWJ1fJw4ps7CtlOG992KUE3oWew2J2rJ8A76RxJ6yj2TN7nHr0Uf4fNCH8PEwDz:DpWjfJhpsqlOw92KtY+p7nvU1CccYlt

Entry address:
0x4E350

Entry point:
48, 83, EC, 28, E8, 0B, 87, 00, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 6C, 24, 18, 56, 57, 41, 54, 41, 56, 41, 57, 48, 83, EC, 20, 41, 8B, 78, 0C, 4C, 8B, E1, 49, 8B, C8, 49, 8B, F1, 4D, 8B, F0, 4C, 8B, FA, E8, 0E, 89, 00, 00, 4D, 8B, 14, 24, 4C, 89, 16, 8B, E8, 85, FF, 74, 74, 49, 63, 46, 10, FF, CF, 48, 8D, 14, BF, 48, 8D, 1C, 90, 49, 03, 5F, 08, 3B, 6B, 04, 7E, E5, 3B, 6B, 08, 7F, E0, 49, 8B, 0F, 48, 8D, 54, 24, 50, 45, 33, C0, FF, 15, EC, A1, 01, 00, 4C, 63, 43, 10...
 
[+]

Entropy:
6.0838

Code size:
412 KB (421,888 bytes)

Service
Display name:
Nexthink Collector Service

Service name:
Nexthink Service

Type:
Win32OwnProcess

Group:
COM Infrastructure

Depends on:
nxtrdrv nxtrdrv5


Scan nxtsvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.