Windows[.]UI[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.UI.dll
Size

366KB
MD5

c9f702a1c979c4daf192c0a66bd4eb97
SHA1

119bc640a2df4a1a3f2bd6e7fae4aae837578ba2
SHA256

46c9b5cb4b174adbfd19c1f2b2e615f7152e5449b85fcbf2596293cbd4ced066
SHA512

23ba5f22800b5d6392c470f1207ecddcb50ac127264fc1c43287122dfcf3c2ae20b9a38cb07ea9f94b0e31c5d6b459cfc5ffca54a1378264dd4822ee8aee926f
SSDEEP

6144:AJCWRgwKlySlJin22ELS9UMW+/arH/6h3kiujldQazbA:AwjVmWsaOujldFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.UI.dll

Files

Windows.UI.dll
.dll regsvr32 windows:6 windows x86 arch:x86

fd6fdbbc80237b6991175d444a2c4a1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.pdb

Imports

msvcrt

memmove_s
realloc
_isnan
memmove
_except_handler4_common
__CxxFrameHandler3
??2@YAPAXI@Z
_onexit
??3@YAXPAX@Z
_finite
__dllonexit
memcpy
memcmp
floor
_purecall
free
malloc
_XcptFilter
_initterm
_lock
_ftol2_sse
_unlock
_amsg_exit
_CIatan2
_CIcos
_CIsin
_CIsqrt
memset

rpcrt4

NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrStubCall2
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
Sleep
InitOnceExecuteOnce
CreateEventW
InitializeSRWLock
WaitForSingleObjectEx
SleepEx
SetEvent

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
OpenProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError

combase

ord13
ord7
ord87
ord88
ord11
ord110
ord14
ord6
ord111
ord133
ord16
ord86
ord33
ord28
ord26
ord27
ord25
ord18
ord19
ord24
ord21
ord20
ord23
ord22
ord17
ord4
ord3
ord15
ord34
ord8
ord2
ord9
ord5
ord12
ord10
ord32

ninput

ord2502
ord2501
ProcessBufferedPacketsInteractionContext
BufferPointerPacketsInteractionContext
GetMouseWheelParameterInteractionContext
SetCrossSlideParametersInteractionContext
SetInertiaParameterInteractionContext
SetPivotInteractionContext
GetPropertyInteractionContext
GetStateInteractionContext
SetInteractionConfigurationInteractionContext
GetInteractionConfigurationInteractionContext
SetPropertyInteractionContext
RegisterOutputCallbackInteractionContext
CreateInteractionContext
DestroyInteractionContext
SetMouseWheelParameterInteractionContext

api-ms-win-shcore-scaling-l1-1-1

GetScaleFactorForMonitor
GetScaleFactorForDevice

shcore

ord244

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

cryptbase

SystemFunction036

api-ms-win-core-atoms-l1-1-0

GlobalDeleteAtom
GlobalAddAtomW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

user32

GetWindowBand
IsWindowEnabled
DestroyWindow
GetClientRect
GetPointerInfoHistory
EnableWindow
GetPointerTouchInfoHistory
SetFocus
GetPointerInputTransform
WindowFromPoint
GetRawPointerDeviceData
GetPointerDevices
GetPointerDeviceProperties
GetPointerDeviceRects
GetPointerDevice
GetPointerInfo
IsWindow
GetKeyboardState
ord2550
PostThreadMessageW
GetQueueStatus
DispatchMessageW
TranslateMessage
PeekMessageW
ord2538
PostQuitMessage
ord2534
GetWindowThreadProcessId
GetKeyState
RegisterWindowMessageW
PostMessageW
SetForegroundWindow
ShowWindow
SetWindowDisplayAffinity
GetWindowRect
EnableMouseInPointer
SetWindowLongW
RemovePropW
SetPropW
GetPropW
DefWindowProcW
GetFocus
GetAsyncKeyState
GetMessageExtraInfo
GetWindowLongW
RegisterClassExW
CreateWindowExW
UnregisterClassW
CreateWindowInBand

ntdll

RtlIsParentOfChildAppContainer
RtlGetAppContainerSidType
RtlLoadString

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CreateControlInput
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd6fdbbc80237b6991175d444a2c4a1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

combase

ninput

api-ms-win-shcore-scaling-l1-1-1

shcore

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-quirks-l1-1-0

cryptbase

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-delayload-l1-1-1

user32

ntdll

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 318KB - Virtual size: 318KB

.orpc Size: 3KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 5KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 324B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 318KB - Virtual size: 318KB

.orpc
Size: 3KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 5KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 324B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 27KB - Virtual size: 27KB