VisualUIAVerifyNative.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.exe
  • Description: Visual UIA Verify

Runtime Data

Window Title:

Visual UI Automation Verify : Client Side Provider

Loaded Modules:

Path
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
  • Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: VisualUIAVerifyNative.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

| File | Score |
|---|---|
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.exe | 90 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.exe | 96 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.exe | 90 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |

Possible Misuse

The following table contains possible examples of VisualUIAVerifyNative.exe being misused. While VisualUIAVerifyNative.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| LOLBAS | VisualUiaVerifyNative.yml | Name: VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Command: VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\arm64\UIAVerify\VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\x64\UIAVerify\VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\UIAVerify\VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Link: https://bohops.com/2020/10/15/exploring-the-wdac-microsoft-recommended-block-rules-visualuiaverifynative/ | |

MIT License. Copyright (c) 2020-2021 Strontic.