Accessibility.dll

  • File Path: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Accessibility.dll
  • Description: .NET Framework
  • Comments: Flavor=Retail

Hashes

Type Hash
MD5 A0AD346E2A9EF134EC7514149BD5C0F0
SHA1 F918BBBFE58B74E3966549027000226DBA2354DD
SHA256 673C3788342F8B268261469749796EA79033F9C08E6B8D8B45A9172D241179DA
SHA384 A9E47A51DE7D2E23B8BC250B98F0BD2E75AA918BD39AC6103C29C30C44B6E99BB36AF8725FCCA5609A46E94C5CD3F6B5
SHA512 907417B97180925D2F0E50A758483BEBAFC70641455AC2F0A61E4C1223B2A85D8207A274927457233FA2C041046D59BD8D3E04F853058D531F28DB8186EA0E4C
SSDEEP 384:s8TVTaDuk2dCLF9L4OOxWBbWRs2QpBj0HRN7iWQHRN7/4lrK9Ck:s8TVTTFoF9LNO0B2qWiW8L
IMP DAE02F32A21E03CE65412F6E56942DAA
PESHA1 281F0B43B24BC7B9E74291204F573B66B7B5DBE1
PE256 2636CEF95536CB9A461A7E53A21C10D81F3E4154E02D663BCB6FFB2E62986482

Signature

  • Status: Signature verified.
  • Serial: 33000001519E8D8F4071A30E41000000000151
  • Thumbprint: 62009AAABDAE749FD47D19150958329BF6FF4B34
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: UNKNOWN_FILE
  • Product Name: Microsoft .NET Framework
  • Company Name: Microsoft Corporation
  • File Version: 4.8.4084.0 built by: NET48REL1
  • Product Version: 4.8.4084.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/673c3788342f8b268261469749796ea79033f9c08e6b8d8b45a9172d241179da/detection

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\1033\flogvwrc.dll 41
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\1033\gacutlrc.dll 35
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\1033\IlDasmrc.dll 35
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\1033\pevrfyrc.dll 44
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\1033\snrc.dll 35
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\1033\TrackerUI.dll 40
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\1033\flogvwrc.dll 43
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\1033\gacutlrc.dll 30
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\1033\IlDasmrc.dll 36
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\1033\pevrfyrc.dll 41
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\1033\snrc.dll 36
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\1033\TrackerUI.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\CustomMarshalers.dll 21
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\Microsoft.Win32.Primitives.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.AppContext.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Collections.Concurrent.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Collections.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Collections.NonGeneric.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Collections.Specialized.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ComponentModel.Annotations.dll 36
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ComponentModel.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ComponentModel.EventBasedAsync.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ComponentModel.Primitives.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ComponentModel.TypeConverter.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Console.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Data.Common.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.Contracts.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.Debug.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.FileVersionInfo.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.Process.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.StackTrace.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.TextWriterTraceListener.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.Tools.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Diagnostics.TraceSource.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Drawing.Primitives.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Dynamic.Runtime.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Globalization.Calendars.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Globalization.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Globalization.Extensions.dll 55
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.Compression.ZipFile.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.FileSystem.dll 50
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.FileSystem.DriveInfo.dll 50
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.FileSystem.Primitives.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.FileSystem.Watcher.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.IsolatedStorage.dll 55
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.MemoryMappedFiles.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.Pipes.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.IO.UnmanagedMemoryStream.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Linq.dll 58
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Linq.Expressions.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Linq.Parallel.dll 50
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Linq.Queryable.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.Http.Rtc.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.NameResolution.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.NetworkInformation.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.Ping.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.Primitives.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.Requests.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.Security.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.Sockets.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.WebHeaderCollection.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.WebSockets.Client.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Net.WebSockets.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ObjectModel.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Reflection.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Reflection.Emit.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Reflection.Emit.ILGeneration.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Reflection.Emit.Lightweight.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Reflection.Extensions.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Reflection.Primitives.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Resources.Reader.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Resources.ResourceManager.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Resources.Writer.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.CompilerServices.VisualC.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Extensions.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Handles.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.InteropServices.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.InteropServices.RuntimeInformation.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.InteropServices.WindowsRuntime.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Numerics.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Serialization.Formatters.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Serialization.Json.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Serialization.Primitives.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Runtime.Serialization.Xml.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Claims.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Cryptography.Algorithms.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Cryptography.Csp.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Cryptography.Encoding.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Cryptography.Primitives.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Cryptography.X509Certificates.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.Principal.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Security.SecureString.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ServiceModel.Duplex.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ServiceModel.Http.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ServiceModel.NetTcp.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ServiceModel.Primitives.dll 46
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ServiceModel.Security.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Text.Encoding.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Text.Encoding.Extensions.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Text.RegularExpressions.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.Overlapped.dll 54
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.Tasks.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.Tasks.Parallel.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.Thread.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.ThreadPool.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Threading.Timer.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.ValueTuple.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Xml.ReaderWriter.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Xml.XDocument.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Xml.XmlDocument.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Xml.XmlSerializer.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Xml.XPath.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Facades\System.Xml.XPath.XDocument.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\ISymWrapper.dll 30
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\Microsoft.Activities.Build.dll 43
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\sysglobl.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Activities.DurableInstancing.dll 36
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.AddIn.Contract.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.ComponentModel.Composition.Registration.dll 35
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Data.DataSetExtensions.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Data.Services.Design.dll 38
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Diagnostics.Tracing.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.IO.Compression.dll 36
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.IO.Compression.FileSystem.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Management.Instrumentation.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Net.Http.WebRequest.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Numerics.dll 30
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Reflection.Context.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Transactions.dll 27
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Web.Abstractions.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Web.RegularExpressions.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Web.Routing.dll 41
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Windows.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Windows.Input.Manipulations.dll 47
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Windows.Presentation.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\System.Xml.Serialization.dll 49
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\UIAutomationClientsideProviders.dll 44
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\UIAutomationProvider.dll 40
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.8\XamlBuildTask.dll 27
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe 57
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe 36
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe 57
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe 36
C:\Windows\system32\aspnet_counters.dll 43
C:\Windows\system32\msvcr100_clr0400.dll 46
C:\Windows\SysWOW64\aspnet_counters.dll 41
C:\Windows\SysWOW64\msvcr100_clr0400.dll 41

Possible Misuse

The following table contains possible examples of Accessibility.dll being misused. While Accessibility.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
LOLBAS Atbroker.yml - IOC: Changes to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration  
LOLBAS Atbroker.yml - IOC: Changes to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs  
malware-ioc oceanlotus-macOS.misp.event.json "description": "File permissions are commonly managed by discretionary access control lists (DACLs) specified by the file owner. File DACL implementation may vary by platform, but generally explicitly designate which users\/groups can perform which actions (ex: read, write, execute, etc.). (Citation: Microsoft DACL May 2018) (Citation: Microsoft File Rights May 2018) (Citation: Unix File Permissions)\n\nAdversaries may modify file permissions\/attributes to evade intended DACLs. (Citation: Hybrid Analysis Icacls1 June 2018) (Citation: Hybrid Analysis Icacls2 May 2018) Modifications may include changing specific access rights, which may require taking ownership of a file and\/or elevated permissions such as Administrator\/root depending on the file's existing permissions to enable malicious activity such as modifying, replacing, or deleting specific files. Specific file modifications may be a required step for many techniques, such as establishing Persistence via [Accessibility Features](https:\/\/attack.mitre.org\/techniques\/T1015), [Logon Scripts](https:\/\/attack.mitre.org\/techniques\/T1037), or tainting\/hijacking other instrumental binary\/configuration files.", © ESET 2014-2018
atomic-red-team index.md - T1546.008 Accessibility Features MIT License. © 2018 Red Canary
atomic-red-team windows-index.md - T1546.008 Accessibility Features MIT License. © 2018 Red Canary
atomic-red-team matrix.md | Compromise Hardware Supply Chain CONTRIBUTE A TEST | At (Linux) | Accessibility Features | Abuse Elevation Control Mechanism CONTRIBUTE A TEST | Access Token Manipulation CONTRIBUTE A TEST | ARP Cache Poisoning CONTRIBUTE A TEST | Application Window Discovery | Component Object Model and Distributed COM CONTRIBUTE A TEST | Archive Collected Data | Data Transfer Size Limits | Asymmetric Cryptography CONTRIBUTE A TEST | Application Exhaustion Flood CONTRIBUTE A TEST | MIT License. © 2018 Red Canary
atomic-red-team matrix.md | Compromise Software Supply Chain CONTRIBUTE A TEST | Command and Scripting Interpreter CONTRIBUTE A TEST | Add Office 365 Global Administrator Role CONTRIBUTE A TEST | Accessibility Features | Asynchronous Procedure Call | Bash History | Cloud Account CONTRIBUTE A TEST | Exploitation of Remote Services CONTRIBUTE A TEST | Archive via Library CONTRIBUTE A TEST | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST | Commonly Used Port CONTRIBUTE A TEST | Data Destruction | MIT License. © 2018 Red Canary
atomic-red-team windows-matrix.md | Compromise Hardware Supply Chain CONTRIBUTE A TEST | At (Windows) | Accessibility Features | Abuse Elevation Control Mechanism CONTRIBUTE A TEST | Abuse Elevation Control Mechanism CONTRIBUTE A TEST | ARP Cache Poisoning CONTRIBUTE A TEST | Account Discovery CONTRIBUTE A TEST | Component Object Model and Distributed COM CONTRIBUTE A TEST | ARP Cache Poisoning CONTRIBUTE A TEST | Automated Exfiltration | Application Layer Protocol CONTRIBUTE A TEST | Account Access Removal | MIT License. © 2018 Red Canary
atomic-red-team windows-matrix.md | Compromise Software Supply Chain CONTRIBUTE A TEST | Component Object Model CONTRIBUTE A TEST | Add-ins CONTRIBUTE A TEST | Accessibility Features | Asynchronous Procedure Call | Brute Force CONTRIBUTE A TEST | Browser Bookmark Discovery | Exploitation of Remote Services CONTRIBUTE A TEST | Archive via Custom Method CONTRIBUTE A TEST | Exfiltration Over Alternative Protocol CONTRIBUTE A TEST | Bidirectional Communication CONTRIBUTE A TEST | Application or System Exploitation CONTRIBUTE A TEST | MIT License. © 2018 Red Canary
atomic-red-team T1021.001.md Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. Adversaries may also use RDP in conjunction with the Accessibility Features technique for Persistence.(Citation: Alperovitch Malware)</blockquote> MIT License. © 2018 Red Canary
atomic-red-team T1222.001.md Adversaries can interact with the DACLs using built-in Windows commands, such as icacls, cacls, takeown, and attrib, which can grant adversaries higher permissions on specific files and folders. Further, PowerShell provides cmdlets that can be used to retrieve or modify file and directory DACLs. Specific file and directory modifications may be a required step for many techniques, such as establishing Persistence via Accessibility Features, Boot or Logon Initialization Scripts, or tainting/hijacking other instrumental binary/configuration files via Hijack Execution Flow.</blockquote> MIT License. © 2018 Red Canary
atomic-red-team T1546.008.md # T1546.008 - Accessibility Features MIT License. © 2018 Red Canary
atomic-red-team T1546.008.md <blockquote>Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by accessibility features. Windows contains accessibility features that may be launched with a key combination before a user has logged in (ex: when the user is on the Windows logon screen). An adversary can modify the way these programs are launched to get a command prompt or backdoor without logging in to the system. MIT License. © 2018 Red Canary
atomic-red-team T1546.008.md Two common accessibility programs are C:\Windows\System32\sethc.exe, launched when the shift key is pressed five times and C:\Windows\System32\utilman.exe, launched when the Windows + U key combination is pressed. The sethc.exe program is often referred to as “sticky keys”, and has been used by adversaries for unauthenticated access through a remote desktop login screen. (Citation: FireEye Hikit Rootkit) MIT License. © 2018 Red Canary
atomic-red-team T1546.008.md Depending on the version of Windows, an adversary may take advantage of these features in different ways. Common methods used by adversaries include replacing accessibility feature binaries or pointers/references to these binaries in the Registry. In newer versions of Windows, the replaced binary needs to be digitally signed for x64 systems, the binary must reside in %systemdir%\, and it must be protected by Windows File or Resource Protection (WFP/WRP). (Citation: DEFCON2016 Sticky Keys) The Image File Execution Options Injection debugger method was likely discovered as a potential workaround because it does not require the corresponding accessibility feature binary to be replaced. MIT License. © 2018 Red Canary
atomic-red-team T1546.008.md Other accessibility features exist that may also be leveraged in a similar fashion: (Citation: DEFCON2016 Sticky Keys)(Citation: Narrator Accessibility Abuse) MIT License. © 2018 Red Canary
atomic-red-team T1546.012.md Similar to Accessibility Features, on Windows Vista and later as well as Windows Server 2008 and later, a Registry key may be modified that configures “cmd.exe,” or another program that provides backdoor access, as a “debugger” for an accessibility program (ex: utilman.exe). After the Registry is modified, pressing the appropriate key combination at the login screen while at the keyboard or when connected with Remote Desktop Protocol will cause the “debugger” program to be executed with SYSTEM privileges. (Citation: Tilbury 2014) MIT License. © 2018 Red Canary
atomic-red-team apis.md Exploit Public-Facing Application, CMSTP, Accessibility Features, Accessibility Features, BITS Jobs, Bash History, Application Window Discovery, Application Deployment Software, Automated Collection, Data Compressed, Communication Through Removable Media MIT License. © 2018 Red Canary
signature-base thor_inverse_matches.yar $s1 = “Accessibility On-Screen Keyboard” wide fullword CC BY-NC 4.0

MIT License. Copyright (c) 2020 Strontic.