ndadmin.exe

  • File Path: C:\Windows\system32\ndadmin.exe
  • Description: Device driver software installation

Hashes

Type Hash
MD5 DFCF5A55C907ACED69415F871335DD3B
SHA1 6BC2FBD73C5A89CCD621CFC130735EA9274EEC1A
SHA256 E31A51CDC7CFD3924C2C259B78A5D5165E1EB708F20BE9806B5D400F76470EE9
SHA384 66D718EF43C3A3197CC28D71FE1C917B8CF9CF2DFAF526F3052607D681519262B461C576BFABF3FB340565DC2882DBEA
SHA512 943B5AF342467B2657010A8D34FFF57BA3AEE8F5FCC927A1F9250AB8D44D311AEDEF9DF39F05C2A6661F2634B160A018547BB136612352A05C18E2E528ED5FD9
SSDEEP 768:EEnF9lObTuBYzMbjrjQAhtqIrn8+1hrpFIUUUUUUUUUUUUqRcxM:d9lObT+YAPrjfFrGUUUUUUUUUUUU3+
IMP 3AED82C66B004C977279044836A79845
PESHA1 0B72792C053CB0502B594C1A247F4B17A9BBBB63
PE256 BD187803B958BC22957CA730B4F735134CE6AFC89B17133B88F0C1676EB82180

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\system32\ndadmin.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NDAdmin.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 5.2.3668.0
  • Product Version: 5.2.3668.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/e31a51cdc7cfd3924c2c259b78a5d5165e1eb708f20be9806b5d400f76470ee9/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\ndadmin.exe 79
C:\Windows\system32\ndadmin.exe 88
C:\Windows\system32\ndadmin.exe 69
C:\WINDOWS\system32\ndadmin.exe 71
C:\WINDOWS\system32\ndadmin.exe 74
C:\Windows\system32\ndadmin.exe 72
C:\Windows\system32\newdev.exe 43
C:\WINDOWS\system32\newdev.exe 47
C:\Windows\system32\newdev.exe 47
C:\Windows\system32\newdev.exe 50
C:\Windows\system32\newdev.exe 43
C:\WINDOWS\system32\newdev.exe 61
C:\Windows\system32\newdev.exe 38
C:\Windows\system32\pnpclean.dll 25
C:\Windows\SysWOW64\ndadmin.exe 66
C:\Windows\SysWOW64\ndadmin.exe 69
C:\Windows\SysWOW64\ndadmin.exe 66
C:\Windows\SysWOW64\ndadmin.exe 68
C:\Windows\SysWOW64\ndadmin.exe 74
C:\WINDOWS\SysWOW64\ndadmin.exe 68
C:\WINDOWS\SysWOW64\ndadmin.exe 66
C:\Windows\SysWOW64\newdev.exe 69
C:\Windows\SysWOW64\newdev.exe 66
C:\Windows\SysWOW64\newdev.exe 69
C:\Windows\SysWOW64\newdev.exe 71
C:\WINDOWS\SysWOW64\newdev.exe 49
C:\WINDOWS\SysWOW64\newdev.exe 47
C:\Windows\SysWOW64\newdev.exe 63

MIT License. Copyright (c) 2020-2021 Strontic.