CheckNDISPort_df.exe file report

» File
File Details
Overview
Analysis

ThreatInfo file report

CheckNDISPort_df.exe

Verdict Clean

MD5 9a205eaad4b262cd45d4b76bfb3b8656

Latest seen 2021-01-07 19:39:01 (5 years ago)

First seen 2021-01-07 19:39:01 (5 years ago)

Size 465 KB

Signed by ZTE CORPORATION

Analyst brief

What this report says

ThreatInfo currently records CheckNDISPort_df.exe as Clean. Treat the hash, publisher, signature, and observed locations below as the primary identity markers for comparison with the file on your system.

This page combines the detection verdict with file identity, publisher metadata, alternate names, observed paths, geography, OS signals, and PE details so the report reads as a triage record rather than a standalone download page.

Why it matters

Evidence available for this file

Detection

Latest status is clean for this hash.

Timeline

First seen 2021-01-07 19:39:01 (5 years ago); latest analysis 2021-01-07 19:39:01 (5 years ago).

Digital signature

Signed by ZTE CORPORATION. ThreatInfo marks this publisher as trusted for this record.

Recommended action

What to do next

Confirm the hash and publisher match the expected software.
Review the observed locations and signature information below.
Rescan if the file was downloaded from an unknown source or appears in an unusual path.

File context

CheckNDISPort_df.exe is a Windows file recorded in the ThreatInfo database. The current detection status is Clean, based on the latest analysis from 2021-01-07 19:39:01 (5 years ago).

This record is currently marked as clean, but file reputation can depend on the exact path, hash, and source. Compare the MD5 and publisher data below with the file on your system.

File Details

Main Info:

MD5:	9a205eaad4b262cd45d4b76bfb3b8656
Size:	465 KB
First Published:	2021-01-07 19:39:01 (5 years ago)
Latest Published:	2021-01-07 19:39:01 (5 years ago)

Analysis:

Status:	Clean (on last analysis)
Analysis Date:	2021-01-07 19:39:01 (5 years ago)

Overview

Digital Signature

Signed By:	ZTE CORPORATION
Status:	Trusted Publisher

ThreatInfo marks this publisher as trusted for this record, but the file hash and source should still match the expected software distribution.

OS Version:

Windows Server 2012 R2

100.0%

The most common operating system signal for CheckNDISPort_df.exe is Windows Server 2012 R2 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

PE Info:

CheckNDISPort_df.exe is identified as pe for 32 systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x00030813

PE Sections:

Name	Size of data	MD5
.text	305664	c46e5624c1573e0e3517442a881102b5
.rdata	73216	e8cd52f1c4ba704cabee1a818eecb831
.data	11776	72f4b2a097cee98feeeaaf7591e2904d
.rsrc	34816	b1ff0bba97086c73ac868e63da500b64
.reloc	40960	5d1bd6db09ed73736a95fd4cc0ee1b89

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

More information:

Search on Virustotal

copyright for information about CheckNDISPort_df.exe