UIAutomationCore[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

UIAutomationCore.dll
Size

548KB
MD5

fd049c25a168d3de310d9207b7b6367b
SHA1

ec48264fc325579ea2d59f6f95957608a9a1d07f
SHA256

48966605e7cf87996068ac1a2e563f90f6f152e710323792c633e10bcba480e4
SHA512

d50c1b2db911cd303ac7b5eaef73badc9ef70ad7c2cf2a456b79ffde72f87fdaa25b06277fae6fa28c1a70a6f17d02db766f91df0ec4edb0ef05db0b7e988ca3
SSDEEP

12288:4bOHQ+4oLOo7VkvT46yMCgfMJDsbt5uMA/UnJUra2oof:2OHh4oLHsCgfMJDsbt5nB2o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UIAutomationCore.dll

Files

UIAutomationCore.dll
.dll regsvr32 windows:6 windows x86 arch:x86

643dca50c95a43e3e269c782aaf469a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UIAutomationCore.pdb

Imports

msvcrt

realloc
bsearch
_wcsicmp
_wcsnicmp
free
malloc
memset
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
_initterm
_XcptFilter
wcsncmp
wcsstr
wcstol
_isnan
_finite
srand
rand
_vsnwprintf
??_U@YAPAXI@Z
_purecall
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z

user32

BlockInput
GetCursorPos
GetKeyState
MessageBeep
MapVirtualKeyW
GetSystemMetrics
GetAsyncKeyState
SendInput
GetGUIThreadInfo
GetComboBoxInfo
GetWindowLongW
GetMenuBarInfo
CharLowerW
IsWindowVisible
GetWindowRect
MonitorFromRect
NotifyWinEvent
GetWindowRgn
LoadStringW
GetClientRect
MapWindowPoints
IsWinEventHookInstalled
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassNameW
GetParent
WindowFromPoint
GetAncestor
GetDesktopWindow
IsWindow
UnhookWindowsHookEx
SetWindowsHookExW
CharPrevW
CharNextW
IntersectRect
EqualRect
PostThreadMessageW
SetWinEventHook
PtInRect
UnregisterHotKey
DispatchMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjects
RegisterHotKey
SetForegroundWindow
SetFocus
RegisterWindowMessageW
GetWindowInfo
RealGetWindowClassW
GetScrollInfo
GetScrollBarInfo
SetWindowPlacement
GetWindowPlacement
GetMenuState
SendMessageW
EnumThreadWindows
PostMessageW
IsIconic
SetWindowPos
IsChild
ScreenToClient
GetWindow
GetPropW
UnhookWinEvent
PeekMessageW
CallNextHookEx
IsWindowEnabled

gdi32

CreateRectRgn
PtInRegion
DeleteObject

psapi

GetModuleInformation
GetModuleBaseNameW

kernel32

FindResourceExW
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
IsWow64Process
OpenProcess
GetTickCount
CreateNamedPipeW
CreateFileW
SetNamedPipeHandleState
GetNamedPipeInfo
ReadFile
SetLastError
WaitForMultipleObjects
WriteFile
GetOverlappedResult
ConnectNamedPipe
GetLocaleInfoW
CancelIo
CreateThread
CreateMutexW
ReleaseMutex
DuplicateHandle
InterlockedExchange
WaitForSingleObject
SetEvent
CreateEventW
lstrcmpW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
ExitProcess
LocalAlloc
CloseHandle
LocalFree
GetModuleHandleExW
GlobalAddAtomW
GlobalDeleteAtom
CompareStringW
GetCurrentThreadId
GetCurrentProcessId
Sleep
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
lstrcatW
GetCurrentProcess
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
lstrcpynW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrcpyW
lstrlenW
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
DisconnectNamedPipe

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
LoadTypeLi
RegisterTypeLi
SysStringLen
VarUI4FromStr
UnRegisterTypeLi
SafeArrayDestroy
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetDim
SafeArrayCreateVector
SetErrorInfo
VariantInit
GetErrorInfo
VariantCopy
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
CreateErrorInfo
SafeArrayCopy
SysAllocString

advapi32

RegQueryValueExW
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
RegDeleteValueW
GetTraceEnableFlags
InitializeSecurityDescriptor
ImpersonateNamedPipeClient
RevertToSelf
CreateWellKnownSid
CheckTokenMembership
InitializeAcl
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
AllocateAndInitializeSid
FreeSid
UnregisterTraceGuids
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetTraceEnableLevel

oleacc

CreateStdAccessibleObject
PropMgrClient_LookupProp
AccessibleChildren
AccessibleObjectFromWindow
WindowFromAccessibleObject
LresultFromObject
ObjectFromLresult
GetProcessHandleFromHwnd

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DockPattern_SetDockPosition
ExpandCollapsePattern_Collapse
ExpandCollapsePattern_Expand
GridPattern_GetItem
InvokePattern_Invoke
ItemContainerPattern_FindItemByProperty
LegacyIAccessiblePattern_DoDefaultAction
LegacyIAccessiblePattern_GetIAccessible
LegacyIAccessiblePattern_Select
LegacyIAccessiblePattern_SetValue
MultipleViewPattern_GetViewName
MultipleViewPattern_SetCurrentView
RangeValuePattern_SetValue
ScrollItemPattern_ScrollIntoView
ScrollPattern_Scroll
ScrollPattern_SetScrollPercent
SelectionItemPattern_AddToSelection
SelectionItemPattern_RemoveFromSelection
SelectionItemPattern_Select
SynchronizedInputPattern_Cancel
SynchronizedInputPattern_StartListening
TextPattern_GetSelection
TextPattern_GetVisibleRanges
TextPattern_RangeFromChild
TextPattern_RangeFromPoint
TextPattern_get_DocumentRange
TextPattern_get_SupportedTextSelection
TextRange_AddToSelection
TextRange_Clone
TextRange_Compare
TextRange_CompareEndpoints
TextRange_ExpandToEnclosingUnit
TextRange_FindAttribute
TextRange_FindText
TextRange_GetAttributeValue
TextRange_GetBoundingRectangles
TextRange_GetChildren
TextRange_GetEnclosingElement
TextRange_GetText
TextRange_Move
TextRange_MoveEndpointByRange
TextRange_MoveEndpointByUnit
TextRange_RemoveFromSelection
TextRange_ScrollIntoView
TextRange_Select
TogglePattern_Toggle
TransformPattern_Move
TransformPattern_Resize
TransformPattern_Rotate
UiaAddEvent
UiaClientsAreListening
UiaEventAddWindow
UiaEventRemoveWindow
UiaFind
UiaGetErrorDescription
UiaGetPatternProvider
UiaGetPropertyValue
UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaGetRootNode
UiaGetRuntimeId
UiaGetUpdatedCache
UiaHPatternObjectFromVariant
UiaHTextRangeFromVariant
UiaHUiaNodeFromVariant
UiaHasServerSideProvider
UiaHostProviderFromHwnd
UiaLookupId
UiaNavigate
UiaNodeFromFocus
UiaNodeFromHandle
UiaNodeFromPoint
UiaNodeFromProvider
UiaNodeRelease
UiaPatternRelease
UiaRaiseAsyncContentLoadedEvent
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseStructureChangedEvent
UiaRegisterProviderCallback
UiaRemoveEvent
UiaReturnRawElementProvider
UiaSetFocus
UiaTextRangeRelease
ValuePattern_SetValue
VirtualizedItemPattern_Realize
WindowPattern_Close
WindowPattern_SetWindowVisualState
WindowPattern_WaitForInputIdle

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

643dca50c95a43e3e269c782aaf469a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

psapi

kernel32

ole32

oleaut32

advapi32

oleacc

Exports

Exports

Sections

.text Size: 428KB - Virtual size: 428KB

.data Size: 14KB - Virtual size: 14KB

.rsrc Size: 86KB - Virtual size: 86KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 428KB - Virtual size: 428KB

.data
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 86KB - Virtual size: 86KB

.reloc
Size: 18KB - Virtual size: 17KB