UIAutomationCore[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

UIAutomationCore.dll
Size

898KB
MD5

b0657efc44d8da33c9833bea5c83bedd
SHA1

3b3205822dbc1349f253775072b6090db82c9daa
SHA256

2a7e3e08dfe5c29ec7c91dd72b38f6db05065d2cc87fbb744a6b0ac3a75cfb52
SHA512

5ac52018f93ababf6a8d49848dc5066a9a8cf4d02a5b58169a38fac31f9ea81f26f289523cf428e9b762aaf4facafc8df5a2a5c6ed3759fe1d2f0d808750fe02
SSDEEP

12288:zq8si3nm+4L8ue9eo2/S8Enp40xzmtu3Yi+1xm93grakTvBnTgIWU30:zhsfL8ue9BQEnp0uoi+1xDak1nFWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UIAutomationCore.dll

Files

UIAutomationCore.dll
.dll regsvr32 windows:6 windows x86 arch:x86

572135b57ec50d8e989d59ffc9b33efb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UIAutomationCore.pdb

Imports

msvcrt

malloc
free
_wcsnicmp
wcstod
wcstol
wcschr
wcscat_s
realloc
wcscpy_s
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
memcpy
memcmp
_ftol2_sse
??_V@YAXPAX@Z
_ftol2
rand
srand
wcsncmp
_wcsicmp
_vsnwprintf
wcsstr
bsearch
memmove
_isnan
_purecall
??2@YAPAXI@Z
??_U@YAPAXI@Z
??3@YAXPAX@Z
_finite
memset

ntdll

RtlQueryPackageIdentity
EtwUnregisterTraceGuids
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwLogTraceEvent
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlDllShutdownInProgress

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
LoadStringW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceExW

api-ms-win-core-sysinfo-l1-2-1

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetVersionExW

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsAlloc
TlsFree
ExitProcess
OpenProcess
CreateThread
TlsSetValue
TlsGetValue
TerminateProcess

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
DeleteCriticalSection
CreateEventW
Sleep
OpenEventW
ReleaseMutex
CreateMutexW
SetEvent
WaitForSingleObject
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-l2-1-0

CharLowerW
CharNextW
CharPrevW

api-ms-win-core-string-l1-1-0

GetStringTypeExW
MultiByteToWideChar
CompareStringW

api-ms-win-security-base-l1-2-0

FreeSid
InitializeAcl
GetSidSubAuthority
SetSecurityDescriptorSacl
AllocateAndInitializeSid
AddMandatoryAce
GetTokenInformation
RevertToSelf
CheckTokenMembership
CreateWellKnownSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeSecurityDescriptor

api-ms-win-core-namedpipe-l1-2-0

CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
ImpersonateNamedPipeClient
DisconnectNamedPipe

api-ms-win-core-memory-l1-1-2

MapViewOfFile
VirtualQuery
VirtualAlloc
VirtualProtect
VirtualAllocEx
VirtualFreeEx
UnmapViewOfFile
ReadProcessMemory
CreateFileMappingW
OpenFileMappingW

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW
GetThreadLocale

api-ms-win-core-file-l1-2-1

CreateFileW
WriteFile
ReadFile

api-ms-win-core-io-l1-1-1

CancelIo
GetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegEnumValueW

api-ms-win-core-heap-l1-2-0

HeapDestroy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv
CreateSemaphoreW
LoadLibraryW
WaitForMultipleObjects

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW
lstrcmpW
lstrlenW
lstrcpyW

api-ms-win-core-atoms-l1-1-0

GlobalDeleteAtom
GlobalAddAtomW

api-ms-win-core-psapi-obsolete-l1-1-0

K32GetModuleInformation
K32GetModuleBaseNameW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CreateActCtxW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

user32

SystemParametersInfoW
ClientToScreen
PostMessageW
SetWindowPlacement
GetWindowPlacement
SetWindowPos
GetSysColor
IsChild
IsWindow
GetDesktopWindow
GetWindowLongW
GetWindowThreadProcessId
GetDC
IsIconic
IsRectEmpty
ord2526
ord2523
ord2557
ord2558
GetProcessDpiAwarenessInternal
InSendMessageEx
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetScrollInfo
GetScrollBarInfo
MessageBeep
GetKeyState
GetCursorPos
BlockInput
NotifyWinEvent
GetWindowInfo
ScreenToClient
GetFocus
ReleaseDC
WindowFromPoint
MapVirtualKeyW
GetSystemMetrics
UnregisterHotKey
GetMessageW
RegisterHotKey
SetForegroundWindow
AttachThreadInput
PeekMessageW
SetFocus
GetAsyncKeyState
SendInput
TranslateMessage
GetWindowRgn
PtInRect
RealGetWindowClassW
GetGUIThreadInfo
GetMenuState
GetMenuBarInfo
RegisterWindowMessageW
GetPropW
IsWindowEnabled
ReplyMessage
GetClientRect
IsWinEventHookInstalled
GetParent
SendMessageW
SendMessageTimeoutW
MapWindowPoints
GetAncestor
IntersectRect
MonitorFromRect
GetClassNameW
EqualRect
GetWindowRect
IsWindowVisible
UnhookWinEvent
SetWinEventHook
MsgWaitForMultipleObjects
DispatchMessageW

kernel32

GetNamedPipeInfo

api-ms-win-core-processenvironment-l1-2-0

SearchPathW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DockPattern_SetDockPosition
ExpandCollapsePattern_Collapse
ExpandCollapsePattern_Expand
GridPattern_GetItem
InvokePattern_Invoke
ItemContainerPattern_FindItemByProperty
LegacyIAccessiblePattern_DoDefaultAction
LegacyIAccessiblePattern_GetIAccessible
LegacyIAccessiblePattern_Select
LegacyIAccessiblePattern_SetValue
MultipleViewPattern_GetViewName
MultipleViewPattern_SetCurrentView
RangeValuePattern_SetValue
ScrollItemPattern_ScrollIntoView
ScrollPattern_Scroll
ScrollPattern_SetScrollPercent
SelectionItemPattern_AddToSelection
SelectionItemPattern_RemoveFromSelection
SelectionItemPattern_Select
SynchronizedInputPattern_Cancel
SynchronizedInputPattern_StartListening
TextPattern_GetSelection
TextPattern_GetVisibleRanges
TextPattern_RangeFromChild
TextPattern_RangeFromPoint
TextPattern_get_DocumentRange
TextPattern_get_SupportedTextSelection
TextRange_AddToSelection
TextRange_Clone
TextRange_Compare
TextRange_CompareEndpoints
TextRange_ExpandToEnclosingUnit
TextRange_FindAttribute
TextRange_FindText
TextRange_GetAttributeValue
TextRange_GetBoundingRectangles
TextRange_GetChildren
TextRange_GetEnclosingElement
TextRange_GetText
TextRange_Move
TextRange_MoveEndpointByRange
TextRange_MoveEndpointByUnit
TextRange_RemoveFromSelection
TextRange_ScrollIntoView
TextRange_Select
TogglePattern_Toggle
TransformPattern_Move
TransformPattern_Resize
TransformPattern_Rotate
UiaAddEvent
UiaClientsAreListening
UiaDisconnectAllProviders
UiaDisconnectProvider
UiaEventAddWindow
UiaEventRemoveWindow
UiaFind
UiaGetErrorDescription
UiaGetPatternProvider
UiaGetPropertyValue
UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaGetRootNode
UiaGetRuntimeId
UiaGetUpdatedCache
UiaHPatternObjectFromVariant
UiaHTextRangeFromVariant
UiaHUiaNodeFromVariant
UiaHasServerSideProvider
UiaHostProviderFromHwnd
UiaIAccessibleFromProvider
UiaLookupId
UiaNavigate
UiaNodeFromFocus
UiaNodeFromHandle
UiaNodeFromPoint
UiaNodeFromProvider
UiaNodeRelease
UiaPatternRelease
UiaProviderForNonClient
UiaProviderFromIAccessible
UiaRaiseAsyncContentLoadedEvent
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseStructureChangedEvent
UiaRaiseTextEditTextChangedEvent
UiaRegisterProviderCallback
UiaRemoveEvent
UiaReturnRawElementProvider
UiaSetFocus
UiaTextRangeRelease
ValuePattern_SetValue
VirtualizedItemPattern_Realize
WindowPattern_Close
WindowPattern_SetWindowVisualState
WindowPattern_WaitForInputIdle

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

572135b57ec50d8e989d59ffc9b33efb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-namedpipe-l1-2-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-psapi-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-wow64-l1-1-0

user32

kernel32

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 728KB - Virtual size: 728KB

.data Size: 26KB - Virtual size: 25KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 728KB - Virtual size: 728KB

.data
Size: 26KB - Virtual size: 25KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 34KB - Virtual size: 34KB