VisualUIAVerifyNative.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.exe
  • Description: Visual UIA Verify

Hashes

Type Hash
MD5 D5CED91E6E73682D5F80419AAC43725E
SHA1 7B5839D8B5ACE3A7E0CD653327EB241C2A5AFA05
SHA256 795434107117BA9D0D75D6502DA003D4765F978460E83746DBB7121BCB622CFB
SHA384 5D560CBB1A26DD181FC0F26E9EF1A77E8069187E2BF9F735B05F644B13C349DE6ECD7F3E4C12A8AF240DBFBE65516DFC
SHA512 6409486645CC24F0E261EFEF46EBAB73340CCDAFE20B7A7FB8EE75E27156858161ACD7B1C125AD8B9204DAFAB5BA98A84D538A53A56EB1F75AF00EA8397AA43B
SSDEEP 6144:yOqyheCdi1s8GbW5eCxWmuPfOBVODnom8gjJOv3AaNWGIAX4c6UdpDl4:yLGHCQmm
PESHA1 255F4B55CD6BC15A5EEA38A2B560B0EA8C3EDDA2
PE256 30527B1C8512DAB5FC8C93A622CC0187EF935FB8441C271AAE48A2F67F732CF8

Signature

  • Status: Signature verified.
  • Serial: 33000002B7E8E007A82AEF13150000000002B7
  • Thumbprint: 5A68625F1A516670A744F7EF919500A479D32A5B
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: VisualUIAVerifyNative.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 452

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.exe | 91 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.exe | 96 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\UIAVerify\VisualUIAVerifyNative.resources.dll | 74 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.exe | 90 |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\UIAVerify\VisualUIAVerifyNative.resources.dll | 72 |

Possible Misuse

The following table contains possible examples of VisualUIAVerifyNative.exe being misused. While VisualUIAVerifyNative.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| LOLBAS | VisualUiaVerifyNative.yml | Name: VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Command: VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\arm64\UIAVerify\VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\x64\UIAVerify\VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Path: c:\Program Files (x86)\Windows Kits\10\bin\[SDK version]\UIAVerify\VisualUiaVerifyNative.exe | |
| LOLBAS | VisualUiaVerifyNative.yml | - Link: https://bohops.com/2020/10/15/exploring-the-wdac-microsoft-recommended-block-rules-visualuiaverifynative/ | |

MIT License. Copyright (c) 2020-2021 Strontic.