ndadmin.exe

  • File Path: C:\WINDOWS\system32\ndadmin.exe
  • Description: Device driver software installation

Hashes

Type Hash
MD5 579C846874CCD21D959B3C1837B7437B
SHA1 9C669AEBDE7F9757A06EBAD8DEBD50D5E7E7F1B5
SHA256 DD28D5847DFDFA964F8ACF160CEFBF7BDD994134AF442E0819B5CAB88E8F34CD
SHA384 65437DEE281F450EC824E2F420BB3C8B83D5947143FEF08BEEA98A6C5CBF448E9F9C22D4B9CEA43D9F6B31B2C54B1411
SHA512 F59EB7D023DE73177277FEE38C707166C8D601D5DAECFD1C6CC98B88EBE9F79690E1FCEEAF4B3B67C46E9D8B3EEE95366DB593F2D581FBDB4C7681E6E6552D99
SSDEEP 768:lGL1WMZ27/65pOJTu7rjQAhtqIrn8+1hrpFIUUUUUUUUUUUUqRcxM:EL1Wgpe6rjfFrGUUUUUUUUUUUU3+
IMP 64F3EECFF5F5A778F51D1AA0187DF5C1
PESHA1 ACFE2AE4AEB066D152403A158399ADFFCF9B0EA4
PE256 2A82DB295BB15124A1F73723B1817F4E671D98262A93E24C65AF36DA3340E0EF

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\system32\ndadmin.exe
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NDAdmin.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 5.2.3668.0
  • Product Version: 5.2.3668.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/dd28d5847dfdfa964f8acf160cefbf7bdd994134af442e0819b5cab88e8f34cd/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\ndadmin.exe 72
C:\Windows\system32\ndadmin.exe 69
C:\Windows\system32\ndadmin.exe 68
C:\WINDOWS\system32\ndadmin.exe 68
C:\Windows\system32\ndadmin.exe 66
C:\Windows\system32\ndadmin.exe 71
C:\Windows\system32\newdev.exe 41
C:\WINDOWS\system32\newdev.exe 50
C:\Windows\system32\newdev.exe 49
C:\Windows\system32\newdev.exe 43
C:\Windows\system32\newdev.exe 41
C:\WINDOWS\system32\newdev.exe 63
C:\Windows\system32\newdev.exe 47
C:\Windows\system32\pnpclean.dll 29
C:\Windows\SysWOW64\ndadmin.exe 63
C:\Windows\SysWOW64\ndadmin.exe 65
C:\Windows\SysWOW64\ndadmin.exe 65
C:\Windows\SysWOW64\ndadmin.exe 66
C:\Windows\SysWOW64\ndadmin.exe 71
C:\WINDOWS\SysWOW64\ndadmin.exe 66
C:\WINDOWS\SysWOW64\ndadmin.exe 68
C:\Windows\SysWOW64\newdev.exe 68
C:\Windows\SysWOW64\newdev.exe 69
C:\Windows\SysWOW64\newdev.exe 65
C:\Windows\SysWOW64\newdev.exe 65
C:\WINDOWS\SysWOW64\newdev.exe 47
C:\WINDOWS\SysWOW64\newdev.exe 44
C:\Windows\SysWOW64\newdev.exe 65

MIT License. Copyright (c) 2020-2021 Strontic.