ndadmin.exe

  • File Path: C:\Windows\system32\ndadmin.exe
  • Description: Device driver software installation

Hashes

Type Hash
MD5 3F90D98AC5890CD2D3EBEAF1715B7890
SHA1 69FEAD1E1088B2CD9FDC066F09658D8AA097C9FC
SHA256 C33DB51C283F57AA5169A3EC8367D754D7AD39E2E7B4E2975FDD1D62F221C028
SHA384 EDC20C9FA786AA32C368EC827FE2F1919134E7F300FE2C1ACF6EB3EE5C42C8AB31F0E49F472A8961F0A36556EC239515
SHA512 BFAAD9D79FE64F0D0F526F1BFC1F815E6D6BB6981277C7E08BA9E1DEC5A3E3A48BC7E393E8575C7076B51A1EC88A2F0D41D46352948ECD707482306FAE90AB31
SSDEEP 768:lNnq9lObT1DA7NfrjQAhtqIrn8+1hrpFIUUUUUUUUUUUUqRcxM:K9lObTR4frjfFrGUUUUUUUUUUUU3+
IMP 3AED82C66B004C977279044836A79845
PESHA1 772F3289091F544195FCE49147BCD8DD565E9E55
PE256 3412054FCEE757021CEB3D4744F4C5E86CB5A1EA805E3CA3DCC5F31638861A74

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\system32\ndadmin.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NDAdmin.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 5.2.3668.0
  • Product Version: 5.2.3668.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/c33db51c283f57aa5169a3ec8367d754d7ad39e2e7b4e2975fdd1d62f221c028/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\ndadmin.exe 79
C:\Windows\system32\ndadmin.exe 69
C:\WINDOWS\system32\ndadmin.exe 72
C:\WINDOWS\system32\ndadmin.exe 68
C:\Windows\system32\ndadmin.exe 63
C:\Windows\system32\ndadmin.exe 79
C:\Windows\system32\newdev.exe 44
C:\WINDOWS\system32\newdev.exe 49
C:\Windows\system32\newdev.exe 47
C:\Windows\system32\newdev.exe 50
C:\Windows\system32\newdev.exe 44
C:\WINDOWS\system32\newdev.exe 65
C:\Windows\system32\newdev.exe 38
C:\Windows\system32\pnpclean.dll 25
C:\Windows\SysWOW64\ndadmin.exe 68
C:\Windows\SysWOW64\ndadmin.exe 69
C:\Windows\SysWOW64\ndadmin.exe 68
C:\Windows\SysWOW64\ndadmin.exe 69
C:\Windows\SysWOW64\ndadmin.exe 77
C:\WINDOWS\SysWOW64\ndadmin.exe 71
C:\WINDOWS\SysWOW64\ndadmin.exe 68
C:\Windows\SysWOW64\newdev.exe 65
C:\Windows\SysWOW64\newdev.exe 71
C:\Windows\SysWOW64\newdev.exe 65
C:\Windows\SysWOW64\newdev.exe 68
C:\WINDOWS\SysWOW64\newdev.exe 46
C:\WINDOWS\SysWOW64\newdev.exe 52
C:\Windows\SysWOW64\newdev.exe 66

MIT License. Copyright (c) 2020-2021 Strontic.