ni5[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ni5.dll
Size

80.9MB
MD5

4887f821e1a4b294d4811639380b5071
SHA1

e59414b45a8399dcfc43f108ce8201be717ff780
SHA256

942a193ab19540a35f30c245ae1a78f2420fbd552a6d1b6db1ceac5bf8b9ebff
SHA512

9ba48089604a3859c46433c6c538a39a4354488e4d5f0b700d147226eb61e2502471dace7980fd7379539a51d5742797a31e070c3e06433b86d117aa2c218fa7
SSDEEP

786432:dtEmJtY3FXqZ/0NXO8UeSavDENJOBmLWtV47XxTxHf18udA4Nr4r2deOfPpoA+YH:gmyqh8kavIrOBOTxHfG54yrWUK8WDWs

Score

1^/10

Malware Config

Signatures

Files

ni5.dll
.dll windows:5 windows x64 arch:x64

4d1af661d7a8e89f3f14ccbbf2fe6031

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:75:04:fb:79:33:f3:1d:9f:b5:d9:51:90:30:88:aa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/07/2009, 00:00

Not After

26/08/2012, 23:59

Subject

CN=NATIVE INSTRUMENTS GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NATIVE INSTRUMENTS GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:ee:bd:86:55:3e:66:77:c0:e0:ce:57:c5:29:56:65:84:fe:7f:86
Signer

Actual PE Digest

79:ee:bd:86:55:3e:66:77:c0:e0:ce:57:c5:29:56:65:84:fe:7f:86

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\NIBuild\GuitarRig5\GuitarRig\build\release\x64\vst\Guitar Rig 5.pdb

Imports

wintrust

WinVerifyTrust

iphlpapi

GetIfTable

powrprof

CallNtPowerInformation

kernel32

ResetEvent
CancelIo
GetOverlappedResult
WaitNamedPipeW
SetNamedPipeHandleState
FreeLibrary
DisconnectNamedPipe
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetStdHandle
CallNamedPipeW
MultiByteToWideChar
GetVersion
GetLastError
GetCurrentThreadId
GetVersionExW
GetSystemDirectoryW
GetWindowsDirectoryW
GetVolumeInformationW
GetSystemInfo
GlobalMemoryStatusEx
GetDriveTypeA
GetFileType
CreateNamedPipeW
GetProcAddress
LoadLibraryW
FlushConsoleInputBuffer
LoadLibraryA
DeleteFileA
WaitForMultipleObjects
ConnectNamedPipe
ReadConsoleInputA
CloseHandle
SetConsoleMode
lstrlenA
GetStringTypeExW
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryA
GetFileSize
IsDBCSLeadByteEx
GetVersionExA
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
CompareStringW
GetUserDefaultLangID
GetCurrentProcess
CreateFileW
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThread
SetThreadPriority
ResumeThread
SleepEx
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
LockResource
SizeofResource
LoadResource
FindResourceA
ExitProcess
MoveFileW
CopyFileW
DeleteFileW
GetFileAttributesExW
LocalFree
ReadFile
DeviceIoControl
RaiseException
FindClose
DuplicateHandle
OutputDebugStringW
WriteConsoleW
WriteConsoleA
WideCharToMultiByte
GetACP
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
GetWindowsDirectoryA
FindNextFileW
GetCurrentDirectoryW
GetModuleFileNameW
CreateDirectoryW
GetComputerNameW
GetUserDefaultLCID
IsWow64Process
GetDriveTypeW
GetLogicalDriveStringsW
GetDateFormatW
GetTimeFormatW
FileTimeToLocalFileTime
Sleep
GetLocaleInfoA
GlobalUnlock
GlobalSize
GlobalLock
GlobalAlloc
GlobalFree
GetVolumeInformationA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
SetLastError
GetExitCodeProcess
OpenProcess
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapFree
FlsSetValue
GetCommandLineA
HeapAlloc
HeapReAlloc
SetConsoleCtrlHandler
ExitThread
CreateThread
FileTimeToSystemTime
FindFirstFileA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
CompareStringA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
WriteFile
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetOEMCP
IsValidCodePage
HeapSize
GetModuleHandleW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
FatalAppExitA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEndOfFile
GetProcessHeap
FormatMessageA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile

user32

GetMenuItemCount
GetMenuItemID
GetMenuState
EnableMenuItem
DestroyMenu
InsertMenuW
GetSubMenu
InsertMenuItemW
FillRect
GetMonitorInfoW
GetSystemMetrics
GetWindowRect
ReleaseDC
EnumDisplayMonitors
GetDC
TrackPopupMenu
GetCursorPos
CreatePopupMenu
LoadCursorW
SetCursor
SetCursorPos
SetWindowPos
SetMenu
SetWindowLongW
BringWindowToTop
GetMenu
GetWindowLongW
SendMessageW
ToUnicode
MapVirtualKeyW
DrawMenuBar
GetWindowLongPtrW
FindWindowW
LoadIconW
IsZoomed
InvalidateRect
UpdateWindow
GetClientRect
GetWindowPlacement
SetWindowPlacement
GetWindow
AdjustWindowRectEx
ClientToScreen
ReleaseCapture
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DefMDIChildProcW
ScreenToClient
TrackMouseEvent
GetDlgItem
EndPaint
BeginPaint
SetWindowLongPtrW
GetParent
GetAsyncKeyState
GetSystemMenu
IsIconic
GetDialogBaseUnits
EndDialog
CallWindowProcW
DialogBoxIndirectParamW
EnumThreadWindows
UnhookWindowsHookEx
CallNextHookEx
IsChild
GetKeyboardState
SetWindowsHookExW
MessageBoxA
LoadStringW
MessageBoxW
IsWindowVisible
ShowWindow
GetForegroundWindow
SetForegroundWindow
RegisterClassW
CreateWindowExW
RegisterDeviceNotificationW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
CharUpperBuffW
DefWindowProcW
CharUpperW
TranslateMessage
PostMessageW
KillTimer
SetTimer
GetKeyState
SystemParametersInfoW
SetCapture
RegisterClipboardFormatA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetFocus
SetFocus
GetClassNameA
LoadImageW
GetSysColor

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC
CreateDIBSection
GetClipBox
CreateSolidBrush
CreatePen
SetDIBitsToDevice
SetROP2

advapi32

InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

RegisterDragDrop
RevokeDragDrop
CoCreateGuid
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
OleGetClipboard
OleSetClipboard
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoCreateInstance
StringFromGUID2
CoGetObject

psapi

EnumProcessModules
GetModuleBaseNameA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

shlwapi

PathCreateFromUrlW
UrlCreateFromPathW
PathIsDirectoryW
UrlIsW

ws2_32

send
recv
shutdown
WSASetLastError
WSAStartup
WSAGetLastError
WSACleanup
closesocket

dbghelp

MiniDumpWriteDump

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHAppBarMessage
SHGetFolderPathW
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
ord74
ShellExecuteA

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

NICreatePlugInInstance
VSTPluginMain
getActivePackIDs
main

Sections

.text
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.7MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50.2MB - Virtual size: 50.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d1af661d7a8e89f3f14ccbbf2fe6031

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:75:04:fb:79:33:f3:1d:9f:b5:d9:51:90:30:88:aaCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

79:ee:bd:86:55:3e:66:77:c0:e0:ce:57:c5:29:56:65:84:fe:7f:86Signer

Headers

File Characteristics

PDB Paths

Imports

wintrust

iphlpapi

powrprof

kernel32

user32

gdi32

advapi32

ole32

psapi

version

shlwapi

ws2_32

dbghelp

comdlg32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 10.1MB - Virtual size: 10.1MB

.rdata Size: 15.8MB - Virtual size: 15.8MB

.data Size: 3.7MB - Virtual size: 3.9MB

.pdata Size: 626KB - Virtual size: 625KB

.data1 Size: 20KB - Virtual size: 20KB

_RDATA Size: 1024B - Virtual size: 784B

.rsrc Size: 50.2MB - Virtual size: 50.2MB

.reloc Size: 443KB - Virtual size: 443KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:75:04:fb:79:33:f3:1d:9f:b5:d9:51:90:30:88:aa
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

79:ee:bd:86:55:3e:66:77:c0:e0:ce:57:c5:29:56:65:84:fe:7f:86
Signer

.text
Size: 10.1MB - Virtual size: 10.1MB

.rdata
Size: 15.8MB - Virtual size: 15.8MB

.data
Size: 3.7MB - Virtual size: 3.9MB

.pdata
Size: 626KB - Virtual size: 625KB

.data1
Size: 20KB - Virtual size: 20KB

_RDATA
Size: 1024B - Virtual size: 784B

.rsrc
Size: 50.2MB - Virtual size: 50.2MB

.reloc
Size: 443KB - Virtual size: 443KB