VisualUIAVerifyNative.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.exe
  • Description: Visual UIA Verify

Runtime Data

Window Title:

Visual UI Automation Verify : Client Side Provider

Open Handles:

Path Type
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\Interop.UIAutomationClient.dll File
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\UIAComWrapper.dll File
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\WUIALogging.dll File
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\WUIATestLibrary.dll File
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\UIAutomationCore.dll.mui File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(R-D) C:\Windows\System32\ieframe.dll File
(RW-) C:\Users\user File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.685_none_faeca4db76168538 File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_4396 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\112cHWNDInterface:5a05e0 Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_ie_global_counters Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme1383959086 Section
\Windows\Theme2042523233 Section

Loaded Modules:

Path
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\SYSTEM32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\ucrtbase_clr0400.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\VCRUNTIME140_CLR0400.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
  • Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: VisualUIAVerifyNative.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.exe 96
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.resources.dll 72
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.exe 91
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.resources.dll 72
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.resources.dll 74
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.exe 90
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.resources.dll 72

Possible Misuse

The following table contains possible examples of VisualUIAVerifyNative.exe being misused. While VisualUIAVerifyNative.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
LOLBAS VisualUiaVerifyNative.yml Name: VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Command: VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\arm64\UIAVerify\VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\x64\UIAVerify\VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\UIAVerify\VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Link: https://bohops.com/2020/10/15/exploring-the-wdac-microsoft-recommended-block-rules-visualuiaverifynative/  

MIT License. Copyright (c) 2020-2021 Strontic.