CoreUIComponents[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

CoreUIComponents.dll
Size

2.0MB
MD5

28a9062f97909b3370df3f54b6705e10
SHA1

cf29a1bcaac54a9399f977955dba42158f8fb691
SHA256

b61094c4d893c617d4884ca2da240da17fd2d92fe641fc1899d07d9d70539974
SHA512

ff93ffa4db9d38c30f6dd1d1a5f578cdba4a8df411b032bb6657c89e66ade1d41972c1d6f49a8477791eb1f781d1ae2b258d79b8714144598288ebccdec48d35
SSDEEP

24576:fKUq+1fmOol6gCVr9eRPKPQsGDa52TfVeHXP8BZgSbDFbQpBA2HIzlJFTs:N1fmgIKPQKx2/deBA2IxJFw

Score

1^/10

Malware Config

Signatures

Files

CoreUIComponents.dll
.dll windows:6 windows x86 arch:x86

cc8cccea577bd78cd7d64bc4fca13911

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2015 17:15

Not After

18-11-2016 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:c0:f0:47:a2:f6:ba:0c:52:db:e2:c2:d1:67:43:90:ff:59:0a:bc:66:b6:d0:5b:27:1c:6f:bd:c4:27:43:1f
Signer

Actual PE Digest

a4:c0:f0:47:a2:f6:ba:0c:52:db:e2:c2:d1:67:43:90:ff:59:0a:bc:66:b6:d0:5b:27:1c:6f:bd:c4:27:43:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CoreUIComponents.pdb

Imports

msvcrt

__CxxFrameHandler3
?terminate@@YAXXZ
_callnewh
_wcsicmp
_vsnprintf_s
memcpy_s
_libm_sse2_sqrt_precise
memcmp
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memcpy
_purecall
_CxxThrowException
wcscpy_s
swprintf_s
wcsrchr
printf
_vsnwprintf
realloc
wcsspn
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
memchr
_amsg_exit
memmove
_XcptFilter
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_wcstoui64
memset

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetModuleHandleExW
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW
FreeLibraryAndExitThread
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionEx
OpenEventW
ReleaseSemaphore
SetEvent
LeaveCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
Sleep
WaitForSingleObject
CreateEventW
CancelWaitableTimer
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerExW
InitOnceComplete
ReleaseMutex
InitializeSRWLock
InitializeCriticalSection
CreateMutexExW
InitOnceBeginInitialize
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
OpenSemaphoreW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-2

SetThreadPriority
GetCurrentProcess
TerminateProcess
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
TlsSetValue
TlsGetValue
GetCurrentThread
TlsFree
TlsAlloc
CreateThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringW
WideCharToMultiByte

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringW
IsDebuggerPresent
CheckRemoteDebuggerPresent

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureStackBackTrace

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapCreate
HeapDestroy
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetLocaleInfoW
LCMapStringW

api-ms-win-core-file-l1-2-1

WriteFile
GetFileType
FlushFileBuffers

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW

api-ms-win-core-processenvironment-l1-2-0

GetStdHandle

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-com-l1-1-1

CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoMarshalInterface
CoWaitForMultipleHandles
CoReleaseMarshalData
CreateStreamOnHGlobal
CoGetMalloc
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoGetApartmentType
CoInitializeEx
CoGetStdMarshalEx
RoGetAgileReference

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegGetValueW

api-ms-win-security-base-l1-2-0

FreeSid
AllocateAndInitializeSid
GetTokenInformation
EqualSid

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoGetMatchingRestrictedErrorInfo
RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
RoReportFailedDelegate
SetRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-memory-l1-1-2

VirtualQuery
CreateFileMappingW
VirtualProtect

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled
QuirkIsEnabledForPackage

api-ms-win-core-localization-obsolete-l1-3-0

GetNumberFormatW

ntdll

RtlCopySid
NtQueryInformationToken
RtlValidSid
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess

coremessaging

CoreUIOpenExisting
MsgRelease
CoreUICreate
CoreUICreateAnonymousStream
MsgStringCreateStack
MsgStringCreateShared
MsgBlobCreateStack
MsgBlobCreateShared
CoreUICreateSystemWindowIDManager

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW
EnumDisplayMonitors

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

api-ms-win-core-winrt-propertysetprivate-l1-1-0

RoCreateNonAgilePropertySet

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-service-core-l1-1-1

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-security-lsalookup-l2-1-1

LookupAccountNameW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
CallbackMayRunLong

Exports

Exports

CoreUIClientCreate
CoreUIClientTestCreate
CoreUIConfigureTestHost
CoreUICreateDuplicateWindowFactory
CoreUICreateICoreWindowFactory
CoreUIFactoryCreate
CoreUIServerCreate
CoreUIServerTestCreate
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
MinUserControllerNavigationDisable
MinUserControllerNavigationEnable
MinUserControllerNavigationPause
MinUserControllerNavigationResume
MinUserControllerNavigationSetOnCrossedBoundsCallback
MinUserGetInputHost
MinUserGetInputRoutingInfo
MinUserGetPointerDeviceMaxInputs
MinUserGetPointerDeviceProperties
MinUserInputInitialize
MinUserRegisterPointerInputTarget
MinUserUnregisterPointerInputTarget
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc8cccea577bd78cd7d64bc4fca13911

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a4:c0:f0:47:a2:f6:ba:0c:52:db:e2:c2:d1:67:43:90:ff:59:0a:bc:66:b6:d0:5b:27:1c:6f:bd:c4:27:43:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-localization-obsolete-l1-3-0

ntdll

coremessaging

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-gdi-dpiinfo-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-service-core-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-security-lsalookup-l2-1-1

api-ms-win-core-threadpool-l1-2-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 509KB - Virtual size: 508KB

.data Size: 2KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 336B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 233KB - Virtual size: 232KB

.reloc Size: 112KB - Virtual size: 112KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a4:c0:f0:47:a2:f6:ba:0c:52:db:e2:c2:d1:67:43:90:ff:59:0a:bc:66:b6:d0:5b:27:1c:6f:bd:c4:27:43:1f
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 509KB - Virtual size: 508KB

.data
Size: 2KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 336B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 233KB - Virtual size: 232KB

.reloc
Size: 112KB - Virtual size: 112KB