UIAutomationCore[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

UIAutomationCore.dll
Size

3.3MB
MD5

856cbc346f3eaff5fddb4f4bc0da8fcc
SHA1

2f3c976885a29d2be9c0c8b0f74b3fcf151f9363
SHA256

091eccfdf3d6914747ac88b4780992cd45b32e1e86579305649f78fa445ebfe0
SHA512

a2dfd28db7228d12d1437739c6aea33ab1bdd267b40ea050e810af20fb95ed7a0734398771125bad70a19eff3b71de3bace1d773a9cc24d4762ca2eac98ba03d
SSDEEP

49152:0WjAzs5JFu4jhDgyr10uUJudgtwDCdMVtFBc6SPL19:0yAzsXFVjhkyOuuw+dq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UIAutomationCore.dll

Files

UIAutomationCore.dll
.dll windows:10 windows x86 arch:x86

90f1ff65e19da47a4b4f0fc4070aca58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UIAutomationCore.pdb

Imports

msvcp_win

_Cnd_do_broadcast_at_thread_exit
_Thrd_join
_Thrd_id
?_Throw_Cpp_error@std@@YAXH@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Xout_of_range@std@@YAXPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1_Locinfo@std@@QAE@XZ
?_Random_device@std@@YAIXZ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPBD@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o__wtoi
_o_bsearch
_o_ceil
_o_fflush
_o_free
_o_iswalnum
_o_iswspace
_o_malloc
_o_rand
_o_realloc
_o_srand
_o_terminate
_o_wcscat_s
_o_wcstod
_o_wcstol
wcschr
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
wcsrchr
strchr
wcsstr

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExW
LoadResource
GetModuleHandleExA
FindResourceExW
GetModuleHandleExW
GetModuleFileNameA
SizeofResource
DisableThreadLibraryCalls
FreeLibrary
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete
WaitOnAddress

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFreeEx
ReadProcessMemory
VirtualProtect
VirtualQuery
MapViewOfFile
VirtualAllocEx
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseSRWLockShared
OpenEventW
CreateEventExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSectionEx
EnterCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
DeleteCriticalSection
CreateMutexW
ReleaseSRWLockExclusive
InitializeCriticalSection
CreateEventW
WaitForSingleObject
ResetEvent
LeaveCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
OpenProcessToken
GetCurrentProcess

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventActivityIdControl
EventSetInformation
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharPrevW
CharLowerW
CharNextW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
GetStringTypeExW
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FindNLSString
GetThreadLocale
FormatMessageW
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetTickCount64

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleInformation
K32GetModuleBaseNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpW
lstrcmpiW

ntdll

RtlGetAppContainerNamedObjectPath
RtlFreeUnicodeString
NtQueryWnfStateData
NtQueryInformationProcess
RtlQueryPackageIdentity
RtlDllShutdownInProgress
EtwEventWriteTransfer
RtlGetDeviceFamilyInfoEnum

api-ms-win-crt-math-l1-1-0

_isnan

api-ms-win-core-atoms-l1-1-0

GlobalDeleteAtom
GlobalAddAtomW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
ReadFile

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-base-l1-1-0

GetSidLengthRequired
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
InitializeSid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

api-ms-win-core-io-l1-1-1

GetOverlappedResultEx
CancelIo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathStripPathW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
WTSGetActiveConsoleSessionId

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DockPattern_SetDockPosition
ExpandCollapsePattern_Collapse
ExpandCollapsePattern_Expand
GridPattern_GetItem
IgnoreLeaksInCurrentlyTrackedMemory
InitializeChannelBasedConnectionForProviderProxy
InvokePattern_Invoke
IsIgnoringLeaks
ItemContainerPattern_FindItemByProperty
LegacyIAccessiblePattern_DoDefaultAction
LegacyIAccessiblePattern_GetIAccessible
LegacyIAccessiblePattern_Select
LegacyIAccessiblePattern_SetValue
MultipleViewPattern_GetViewName
MultipleViewPattern_SetCurrentView
PostTestCheckForLeaks
RangeValuePattern_SetValue
ScrollItemPattern_ScrollIntoView
ScrollPattern_Scroll
ScrollPattern_SetScrollPercent
SelectionItemPattern_AddToSelection
SelectionItemPattern_RemoveFromSelection
SelectionItemPattern_Select
StartIgnoringLeaks
StopIgnoringLeaks
SynchronizedInputPattern_Cancel
SynchronizedInputPattern_StartListening
TextPattern_GetSelection
TextPattern_GetVisibleRanges
TextPattern_RangeFromChild
TextPattern_RangeFromPoint
TextPattern_get_DocumentRange
TextPattern_get_SupportedTextSelection
TextRange_AddToSelection
TextRange_Clone
TextRange_Compare
TextRange_CompareEndpoints
TextRange_ExpandToEnclosingUnit
TextRange_FindAttribute
TextRange_FindText
TextRange_GetAttributeValue
TextRange_GetBoundingRectangles
TextRange_GetChildren
TextRange_GetEnclosingElement
TextRange_GetText
TextRange_Move
TextRange_MoveEndpointByRange
TextRange_MoveEndpointByUnit
TextRange_RemoveFromSelection
TextRange_ScrollIntoView
TextRange_Select
TogglePattern_Toggle
TransformPattern_Move
TransformPattern_Resize
TransformPattern_Rotate
UiaAddEvent
UiaClientsAreListening
UiaDisconnectAllProviders
UiaDisconnectProvider
UiaEventAddWindow
UiaEventRemoveWindow
UiaFind
UiaGetErrorDescription
UiaGetPatternProvider
UiaGetPropertyValue
UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaGetRootNode
UiaGetRuntimeId
UiaGetUpdatedCache
UiaHPatternObjectFromVariant
UiaHTextRangeFromVariant
UiaHUiaNodeFromVariant
UiaHasServerSideProvider
UiaHostProviderFromHwnd
UiaIAccessibleFromProvider
UiaLookupId
UiaNavigate
UiaNodeFromFocus
UiaNodeFromHandle
UiaNodeFromPoint
UiaNodeFromProvider
UiaNodeRelease
UiaPatternRelease
UiaProviderForNonClient
UiaProviderFromIAccessible
UiaRaiseActiveTextPositionChangedEvent
UiaRaiseAsyncContentLoadedEvent
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseChangesEvent
UiaRaiseNotificationEvent
UiaRaiseStructureChangedEvent
UiaRaiseTextEditTextChangedEvent
UiaRegisterProviderCallback
UiaRemoveEvent
UiaReturnRawElementProvider
UiaSetFocus
UiaTextRangeRelease
UpdateErrorLoggingCallback
ValuePattern_SetValue
VirtualizedItemPattern_Realize
WindowPattern_Close
WindowPattern_SetWindowVisualState
WindowPattern_WaitForInputIdle

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90f1ff65e19da47a4b4f0fc4070aca58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

ntdll

api-ms-win-crt-math-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-security-appcontainer-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 36KB - Virtual size: 56KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 291KB - Virtual size: 291KB

.reloc Size: 159KB - Virtual size: 158KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 36KB - Virtual size: 56KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 291KB - Virtual size: 291KB

.reloc
Size: 159KB - Virtual size: 158KB