Microsoft[.]Uev[.]AppAgent[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Uev.AppAgent.dll
Size

1.6MB
MD5

5a220f4fe2a0f66f65ee146da0040a41
SHA1

0d86107826ba4831bbdf10418dce39bc049ba555
SHA256

a39fd2fe546a36751ff1c4d9ce13ed89d30e21b7d550c72b89f5a4394c75f5af
SHA512

01e3ab5ae07d17720c622d7536edac2dbe54816ecf87a3d4346abab171eb20f79f269740a72ebd5ccca35ce8b2411f6900807d3b98521adf727939a1b5e31e1a
SSDEEP

49152:w8yunt9+G3uHVRp7J9qfm0EEzbF/AAgZtDAz7JYODK:iunn+G3uHHVJ9avo

Score

1^/10

Malware Config

Signatures

Files

Microsoft.Uev.AppAgent.dll
.dll windows:10 windows x86 arch:x86

27d84f78aac004eef0d735d05764bdcb

Code Sign

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:26:48:9e:08:6d:91:66:6c:e6:8f:58:c6:1f:a9:7b:7c:ae:ee:9c:17:1d:44:56:d5:37:65:86:24:6a:1c:46
Signer

Actual PE Digest

fa:26:48:9e:08:6d:91:66:6c:e6:8f:58:c6:1f:a9:7b:7c:ae:ee:9c:17:1d:44:56:d5:37:65:86:24:6a:1c:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.AppAgent.pdb

Imports

msvcrt

_vsnwprintf
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??0bad_cast@@QAE@ABV0@@Z
memcpy_s
_wcsicmp
strcspn
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
localeconv
_vsnprintf_s
free
??3@YAXPAX@Z
memmove_s
sprintf_s
wcscpy_s
wcsncpy_s
_errno
malloc
_callnewh
_lock
_unlock
setlocale
_CxxThrowException
memcpy
memmove
__uncaught_exception
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
calloc
___mb_cur_max_func
_ismbblead
memset
islower
_wcsdup
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_get_current_locale
_free_locale
abort
realloc
ldexp
??_V@YAXPAX@Z
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__mb_cur_max
_Gettnames
_Strftime
isspace
tolower
memchr
___lc_collate_cp_func
memcmp
isalnum
isdigit
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
__RTDynamicCast
fclose
fwrite
?name@type_info@@QBEPBDXZ
swprintf_s
fputc
fflush
fgetc
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_mkgmtime
_gmtime64
_wtoi
strchr
ldiv
time
_wcsnicmp
_stricmp
mbstowcs_s
towlower
ftell
_wfopen_s
fseek
fread
ferror
feof
__ExceptionPtrCreate
__ExceptionPtrCopy
__ExceptionPtrDestroy
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
wprintf
_putws
??1bad_typeid@@UAE@XZ
??0bad_typeid@@QAE@ABV0@@Z
__RTtypeid
strerror
_beginthreadex
?before@type_info@@QBEHABV1@@Z
wcscat_s
_wfsopen
__CxxFrameHandler3
?what@exception@@UBEPBDXZ
_ftol2

user32

SetSysColors
GetDoubleClickTime
ShutdownBlockReasonDestroy
SetWindowLongW
LoadCursorW
LoadIconW
TranslateMessage
SendNotifyMessageW
ShutdownBlockReasonCreate
DispatchMessageW
LoadStringW
RegisterClassExW
WaitForInputIdle
CreateWindowExW
DefWindowProcW
GetMessageW
GetSysColor
GetWindowLongW

kernel32

IsDebuggerPresent
LoadLibraryExW
LocalUnlock
DebugBreak
FreeLibrary
GetModuleHandleW
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
LocalFree
CreateMutexExW
GetProcAddress
ResetEvent
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetProcessId
OpenEventW
Sleep
AcquireSRWLockExclusive
CloseThreadpoolTimer
SetEvent
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ExitProcess
QueryFullProcessImageNameW
GetLocalTime
CreateFileW
CreateEventW
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
DecodePointer
EncodePointer
GetLocaleInfoW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
CreateIoCompletionPort
CopyFileExW
GetSystemTimeAsFileTime
GlobalLock
DeleteFileW
GlobalAlloc
GlobalSize
GetFileAttributesExW
GetTickCount64
OpenProcess
K32GetProcessImageFileNameW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetQueuedCompletionStatus
CreateNamedPipeW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CreateEventA
GetSystemInfo
LocalLock
ReadFile
GetModuleFileNameA

gdi32

GetStockObject

ole32

CoUninitialize
OleRun
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemFree
GetHGlobalFromStream
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
SafeArrayRedim
GetRecordInfoFromTypeInfo
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateEx
SafeArrayPutElement
VariantClear
VariantCopy
VariantInit
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString

advapi32

EventUnregister
SetSecurityInfo
EventWriteTransfer
EventRegister
EventSetInformation
RegGetValueW

shell32

DoEnvironmentSubstW
SHChangeNotify
SHGetKnownFolderPath

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

urlmon

CoInternetCreateSecurityManager

api-ms-win-core-path-l1-1-0

PathCchAppend

ext-ms-win-devmgmt-policy-l1-1-0

PolicyManager_GetPolicyInt

api-ms-win-core-processthreads-l1-1-0

SwitchToThread
GetExitCodeProcess
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
CreateThread
GetExitCodeThread
ProcessIdToSessionId
CreateProcessW
OpenProcessToken
ResumeThread
SetThreadPriority
TlsAlloc

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-file-l1-1-0

SetFileAttributesW
GetFileSize
GetFileTime
FindNextFileW
FindClose
GetLongPathNameW
FindFirstFileW
WriteFile
SetFileTime
RemoveDirectoryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemWindowsDirectoryW
GetWindowsDirectoryW

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenA

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-core-synch-l1-1-0

SetWaitableTimer
CreateEventExW
CreateMutexW
OpenEventA
WaitForMultipleObjectsEx

api-ms-win-core-synch-ansi-l1-1-0

CreateSemaphoreA

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetSidSubAuthorityCount
CheckTokenMembership
EqualSid
GetTokenInformation
CreateWellKnownSid

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageA

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetModuleHandleA

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualFree
VirtualProtect

api-ms-win-core-processthreads-l1-1-1

SetThreadContext
FlushInstructionCache
GetProcessMitigationPolicy
GetThreadContext

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegOpenKeyW

api-ms-win-core-errorhandling-l1-1-0

RaiseException

activeds

ord3

Exports

Exports

ApplySettingsFromPackage
OrdinalOne

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27d84f78aac004eef0d735d05764bdcb

Code Sign

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

fa:26:48:9e:08:6d:91:66:6c:e6:8f:58:c6:1f:a9:7b:7c:ae:ee:9c:17:1d:44:56:d5:37:65:86:24:6a:1c:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

gdi32

ole32

oleaut32

advapi32

shell32

shlwapi

wtsapi32

urlmon

api-ms-win-core-path-l1-1-0

ext-ms-win-devmgmt-policy-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-ansi-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-file-l1-2-2

api-ms-win-core-synch-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

activeds

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 52KB - Virtual size: 61KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 64B

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 86KB - Virtual size: 85KB

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

fa:26:48:9e:08:6d:91:66:6c:e6:8f:58:c6:1f:a9:7b:7c:ae:ee:9c:17:1d:44:56:d5:37:65:86:24:6a:1c:46
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 52KB - Virtual size: 61KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 64B

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 86KB - Virtual size: 85KB