Microsoft[.]Uev[.]AppAgent[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Uev.AppAgent.dll
Size

1.6MB
MD5

0ac1ae11383c8343ede20c505bf8d777
SHA1

7ba33e6af49b14b78a7259e183c9a709afd2ec9a
SHA256

723e3a393fb49a581600ba6e91572315a2dcf3a2b512829d4d007402681c4d8b
SHA512

7df260758cfed0d35e3408036cba15fdefeb29c0eda9e263eeffe0e1eb4b8615b40d33a30c8654a695e765e69eae471387760d0c41732d046c68e2cbe46b55ab
SSDEEP

49152:Z8XTBDasK/ZuYbxQ0wqYAIXrsaf2MSUVDdAic:Y9DasKYEvkQh

Score

1^/10

Malware Config

Signatures

Files

Microsoft.Uev.AppAgent.dll
.dll windows:10 windows x86 arch:x86

37fb1fd165a1e93a9148d42f2cc23754

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:6a:12:ca:12:ff:46:b5:17:bf:b0:bb:d2:2d:cf:64:d4:07:4f:01:75:96:dc:5f:ff:29:82:63:b6:6a:6b:e8
Signer

Actual PE Digest

d6:6a:12:ca:12:ff:46:b5:17:bf:b0:bb:d2:2d:cf:64:d4:07:4f:01:75:96:dc:5f:ff:29:82:63:b6:6a:6b:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.AppAgent.pdb

Imports

msvcrt

__crtCompareStringA
__crtCompareStringW
__crtLCMapStringW
??0bad_cast@@QAE@ABV0@@Z
__crtLCMapStringA
_get_current_locale
_free_locale
abort
realloc
ldexp
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
___mb_cur_max_func
_W_Gettnames
_Wcsftime
__mb_cur_max
_Gettnames
calloc
memcpy_s
___lc_codepage_func
_Strftime
strcspn
_purecall
isspace
tolower
memchr
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
___lc_handle_func
??0bad_cast@@QAE@PBD@Z
isupper
__pctype_func
memset
??1bad_cast@@UAE@XZ
__uncaught_exception
___lc_collate_cp_func
_vsnwprintf
memmove
??9type_info@@QBEHABV0@@Z
_ismbblead
memcpy
_CxxThrowException
memcmp
isalnum
setlocale
isdigit
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
_unlock
??_V@YAXPAX@Z
_lock
_callnewh
malloc
localeconv
_wcsdup
_vsnprintf_s
_XcptFilter
_amsg_exit
_initterm
free
?terminate@@YAXXZ
_errno
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
islower
??0exception@@QAE@XZ
wcsncpy_s
memmove_s
wcscpy_s
sprintf_s
??8type_info@@QBEHABV0@@Z
??3@YAXPAX@Z
__RTDynamicCast
fclose
fwrite
?name@type_info@@QBEPBDXZ
swprintf_s
fputc
fflush
fgetc
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_mkgmtime
_gmtime64
_wtoi
strchr
ldiv
time
_wcsnicmp
_stricmp
mbstowcs_s
towlower
ftell
_wfopen_s
fseek
fread
ferror
feof
__ExceptionPtrCreate
__ExceptionPtrCopy
__ExceptionPtrDestroy
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
wprintf
_putws
??1bad_typeid@@UAE@XZ
??0bad_typeid@@QAE@ABV0@@Z
__RTtypeid
strerror
_beginthreadex
?before@type_info@@QBEHABV1@@Z
wcscat_s
_wfsopen
__CxxFrameHandler3
_wcsicmp
_ftol2

user32

SetSysColors
GetDoubleClickTime
ShutdownBlockReasonDestroy
SetWindowLongW
LoadCursorW
LoadIconW
TranslateMessage
SendNotifyMessageW
ShutdownBlockReasonCreate
DispatchMessageW
LoadStringW
RegisterClassExW
WaitForInputIdle
CreateWindowExW
DefWindowProcW
GetMessageW
GetSysColor
GetWindowLongW

kernel32

ReadFile
CreateDirectoryW
QueryFullProcessImageNameW
ExitProcess
Sleep
OpenEventW
GetProcessId
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
ResetEvent
IsDebuggerPresent
LocalUnlock
EnterCriticalSection
GetModuleHandleW
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
LocalFree
CreateMutexExW
GetProcAddress
CreateNamedPipeW
LeaveCriticalSection
GetQueuedCompletionStatus
GetTempPathW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CreateFileW
GetLocalTime
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
OutputDebugStringW
GetFileAttributesW
K32GetProcessImageFileNameW
DebugBreak
AcquireSRWLockExclusive
GetLastError
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
DecodePointer
EncodePointer
GetLocaleInfoW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
CreateIoCompletionPort
CopyFileExW
GetSystemTimeAsFileTime
DeleteCriticalSection
AcquireSRWLockShared
GlobalLock
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
DeleteFileW
GlobalAlloc
OpenProcess
CloseThreadpoolTimer
GlobalSize
ReleaseSRWLockExclusive
GetFileAttributesExW
FormatMessageW
CreateEventW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
CreateEventA
GetSystemInfo
LocalLock
GetModuleFileNameA
GetTickCount64

gdi32

GetStockObject

ole32

CoUninitialize
OleRun
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemFree
CoCreateInstance
GetHGlobalFromStream
CoInitializeEx

oleaut32

SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
SafeArrayRedim
GetRecordInfoFromTypeInfo
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateEx
SafeArrayPutElement
VariantCopy
VariantClear
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit

advapi32

EventUnregister
SetSecurityInfo
EventWriteTransfer
EventRegister
EventSetInformation
RegGetValueW

shell32

DoEnvironmentSubstW
SHChangeNotify
SHGetKnownFolderPath

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

urlmon

CoInternetCreateSecurityManager

api-ms-win-core-path-l1-1-0

PathCchAppend

ext-ms-win-devmgmt-policy-l1-1-0

PolicyManager_GetPolicyInt

api-ms-win-core-processthreads-l1-1-0

SwitchToThread
TlsGetValue
GetExitCodeProcess
GetExitCodeThread
SetThreadPriority
TlsAlloc
ProcessIdToSessionId
TlsSetValue
GetCurrentThread
TlsFree
ResumeThread
OpenProcessToken
CreateThread
CreateProcessW

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-file-l1-1-0

GetFileTime
GetLongPathNameW
GetFileSize
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WriteFile
RemoveDirectoryW
SetFileTime

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemWindowsDirectoryW
GetWindowsDirectoryW

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenA

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-synch-l1-1-0

CreateEventExW
WaitForMultipleObjectsEx
CreateMutexW
SetWaitableTimer
OpenEventA

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CheckTokenMembership
CreateWellKnownSid
EqualSid

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetUserDefaultLCID

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-synch-ansi-l1-1-0

CreateSemaphoreA

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-processthreads-l1-1-1

SetThreadContext
FlushInstructionCache
GetThreadContext
GetProcessMitigationPolicy

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW

api-ms-win-core-errorhandling-l1-1-0

RaiseException

activeds

ord3

Exports

Exports

ApplySettingsFromPackage
OrdinalOne

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37fb1fd165a1e93a9148d42f2cc23754

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

d6:6a:12:ca:12:ff:46:b5:17:bf:b0:bb:d2:2d:cf:64:d4:07:4f:01:75:96:dc:5f:ff:29:82:63:b6:6a:6b:e8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

gdi32

ole32

oleaut32

advapi32

shell32

shlwapi

wtsapi32

urlmon

api-ms-win-core-path-l1-1-0

ext-ms-win-devmgmt-policy-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-ansi-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-file-l1-2-2

api-ms-win-core-synch-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

activeds

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 52KB - Virtual size: 61KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 64B

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 85KB - Virtual size: 85KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d6:6a:12:ca:12:ff:46:b5:17:bf:b0:bb:d2:2d:cf:64:d4:07:4f:01:75:96:dc:5f:ff:29:82:63:b6:6a:6b:e8
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 52KB - Virtual size: 61KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 64B

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 85KB - Virtual size: 85KB