VisualUIAVerifyNative.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.exe
  • Description: Visual UIA Verify

Hashes

Type Hash
MD5 39FE85BBC302BB412761FD6DDF323FA0
SHA1 88B4C08BB50C4C7ED867EAD8D6BB0B0CB204C9FB
SHA256 A3F0A0F01D200A855D9E3C1685FED0FD938A1FA43F005B3F33C071A449EAD11E
SHA384 C88580AE9D0ECE43A0214CA439408FF5ACC2C6952A7DCFE9771EBC44EC7EE83E6368123E0D92C5FBBE9395571F4AC88C
SHA512 D3DF56C20E31D0ED75E1E85E300E520FBFD02A7F4DEFA2A120B2A88FBD70572479EB067C753E3A243F474B168806929BF1656E005CBD7042FC27E00F1E2FC1EA
SSDEEP 6144:ROqyheCdi1s8GbWim3xWmuEfOBVODnom8gjJOv3AaNWGIAX4c6UdpDlF:RLG83QmQ
IMP F34D5F2D4577ED6D9CEEC516C1F5A744
PESHA1 0B3FB9BE44728EF3B415F3EFD3E923077CEB91A1
PE256 D952CBF51BF1B4402B0D655AF7EBDFE73C601BF10A867B414EF539D7FA899139

Runtime Data

Window Title:

Visual UI Automation Verify : Client Side Provider

Open Handles:

Path Type
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\Interop.UIAutomationClient.dll File
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\UIAComWrapper.dll File
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\WUIALogging.dll File
(R-D) C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\WUIATestLibrary.dll File
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll File
(R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui File
(R-D) C:\Windows\System32\en-US\UIAutomationCore.dll.mui File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(R-D) C:\Windows\System32\ieframe.dll File
(RW-) C:\Users\user File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.685_none_faeca4db76168538 File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_8236 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\202cHWNDInterface:c064c Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_ie_global_counters Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme1383959086 Section
\Windows\Theme2042523233 Section

Loaded Modules:

Path
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\System32\ADVAPI32.dll
C:\Windows\SYSTEM32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\SYSTEM32\VERSION.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002B7E8E007A82AEF13150000000002B7
  • Thumbprint: 5A68625F1A516670A744F7EF919500A479D32A5B
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: VisualUIAVerifyNative.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.exe 91
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.resources.dll 72
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.resources.dll 72
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.exe 91
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.resources.dll 74
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.exe 96
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.resources.dll 72

Possible Misuse

The following table contains possible examples of VisualUIAVerifyNative.exe being misused. While VisualUIAVerifyNative.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
LOLBAS VisualUiaVerifyNative.yml Name: VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Command: VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\arm64\UIAVerify\VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\x64\UIAVerify\VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\UIAVerify\VisualUiaVerifyNative.exe  
LOLBAS VisualUiaVerifyNative.yml - Link: https://bohops.com/2020/10/15/exploring-the-wdac-microsoft-recommended-block-rules-visualuiaverifynative/  

MIT License. Copyright (c) 2020-2021 Strontic.