Magnify[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Magnify.exe
Size

761KB
MD5

6a13392704da5a0504c60ebbb64a44c8
SHA1

45b309dd4f8c06f2304f652519cd331133f85bd4
SHA256

e2d6eb8764dd4ec3bf840f30a5e911fbae832d54f3c2a6939addd07787c08bf6
SHA512

dde40c05ab7d206cc582b6d225623f215fe2821cdb0d02b13a5cf2887e1b9e4081f13d223741b9dd5e866d863fa26c6a10019e14fb32f65e3118e39214b21e1b
SSDEEP

12288:N6xEBWFtpgcnCDr9RI2yZt8XB04dDuc/04dDuc/vq:4SWFOPS/4xI4x7v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Magnify.exe

Files

Magnify.exe
.exe windows x86

38ee2e615404d38538e895bfad6aba8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
EventRegister
EventWrite
EventUnregister
RegGetValueW
RegQueryValueExW
RegDeleteKeyW
RegNotifyChangeKeyValue

kernel32

GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomW
HeapAlloc
GetProcessHeap
GetSystemDirectoryW
GetLocaleInfoW
FormatMessageW
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetTickCount
ReleaseMutex
RegisterApplicationRestart
SetProcessShutdownParameters
CreateMutexW
Sleep
GetModuleHandleW
CloseHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
OpenMutexW
CompareStringW
GetLastError
HeapSetInformation
TerminateProcess
HeapSize
HeapFree
HeapReAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetModuleHandleA
GetSystemTimeAsFileTime
FindResourceExW
LoadResource
WaitForSingleObject
CreateThread
OpenJobObjectW
CreateEventW
LockResource
SizeofResource
IsProcessInJob
SetEvent

gdi32

CreateCompatibleBitmap
LineTo
MoveToEx
GetStockObject
SetBkMode
SetTextColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
CreateRectRgn
GetObjectW
CreateCompatibleDC
DeleteDC
SelectObject
CreateBrushIndirect
CreateBitmap
DeleteObject
CombineRgn

user32

EndDeferWindowPos
GetKeyState
SendInput
GetThreadDesktop
GetUserObjectInformationW
CloseDesktop
GetAsyncKeyState
FindWindowW
PostMessageW
DeferWindowPos
LoadStringW
SetForegroundWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
RegisterClassW
FillRect
SetCursor
PostQuitMessage
GetMessagePos
BeginDeferWindowPos
WindowFromPhysicalPoint
CallNextHookEx
GetWindowLongW
GetAncestor
PtInRect
RemovePropW
SetPropW
SetWindowPlacement
TrackPopupMenu
CheckMenuRadioItem
InsertMenuItemW
CreatePopupMenu
RealGetWindowClassW
GetDoubleClickTime
SendMessageTimeoutW
GetClassNameW
SetDlgItemTextW
GetDlgCtrlID
EnableWindow
MonitorFromWindow
SetFocus
CheckDlgButton
SendDlgItemMessageW
LoadImageW
CreateDialogParamW
GetDlgItem
GetCursorPos
UpdateLayeredWindow
ReleaseDC
GetDC
IsWindowEnabled
GetForegroundWindow
GetCapture
IsIconic
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterHotKey
ChangeWindowMessageFilterEx
UnregisterHotKey
SetRectEmpty
GetWindow
AdjustWindowRectEx
IsWindowVisible
SendMessageW
LoadIconW
SetPhysicalCursorPos
EnumDisplayMonitors
MapWindowPoints
GetPointerFrameInfoHistory
GetPointerInfo
GetWindowTextW
GetWindowThreadProcessId
InvalidateRect
SetWindowRgn
SetWindowPos
GetSysColor
GetClientRect
SetWinEventHook
SetLayeredWindowAttributes
LoadCursorW
SetActiveWindow
EndPaint
BeginPaint
GetPointerDeviceRects
GetParent
UnhookWinEvent
SetWindowLongW
IntersectRect
InflateRect
SetRect
GetGUIThreadInfo
DefWindowProcW
MonitorFromRect
UpdateWindow
RegisterClassExW
UnionRect
RegisterPointerDeviceNotifications
CreateWindowExW
GetPhysicalCursorPos
DestroyWindow
IsWindow
ClipCursor
KillTimer
SystemParametersInfoW
SetTimer
ShowWindow
GetPointerDevices
CopyRect
GetMonitorInfoW
MonitorFromPoint
OffsetRect
IsRectEmpty
GetWindowRect
GetDesktopWindow
EqualRect
UnregisterClassA

msvcrt

_except_handler4_common
floor
_ftol2_sse
_ftol2
__CxxFrameHandler3
_CxxThrowException
_CIsqrt
_CIsin
_CIpow
_CIfmod
_CIcos
_CIatan2
??3@YAXPAX@Z
_onexit
__dllonexit
_unlock
_lock
wcschr
memmove_s
memcpy_s
wcsspn
wcscspn
memmove
_isnan
_finite
free
realloc
memset
??1type_info@@UAE@XZ
memcpy
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
_hypot
ceil
_purecall
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
wcstok
_wcsicmp

ole32

CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoInitialize

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

comctl32

ord345
ord17
InitCommonControlsEx

oleaut32

SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysAllocString
SysFreeString
VariantInit
VariantClear

gdiplus

GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipStringFormatGetGenericTypographic
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeletePen
GdipCreatePen1
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipFillRectangle
GdipFree
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDrawLine

shell32

SHAppBarMessage
ShellExecuteW

ntdll

WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmIncrementDWORD
WinSqmAddToStream

twinapi

ord8

shlwapi

ord628

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled

dui70

InitProcessPriv
InitThread
UnInitProcessPriv
UnInitThread
??0NativeHWNDHost@DirectUI@@QAE@XZ
??1NativeHWNDHost@DirectUI@@UAE@XZ
?Initialize@NativeHWNDHost@DirectUI@@QAEJPBG0PAUHWND__@@PAUHICON__@@HHHHHHPAUHINSTANCE__@@I@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
StrToID
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QAEXXZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UAEPAUHWND__@@KPBG0KHHHHPAU3@PAUHMENU__@@PAUHINSTANCE__@@PAX@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MAEXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UAEXPAPBGPAI@Z
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?IsMSAAEnabled@HWNDElement@DirectUI@@UAE_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UAEXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
?GetClassInfoW@HWNDElement@DirectUI@@UAEPAUIClassInfo@2@XZ
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetClassInfoPtr@CCPushButton@DirectUI@@SGPAUIClassInfo@2@XZ
?GetKeyFocusedElement@HWNDElement@DirectUI@@SGPAVElement@2@XZ
?GetLocation@Element@DirectUI@@QAEPBUtagPOINT@@PAPAVValue@2@@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
??0HWNDElement@DirectUI@@QAE@XZ
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
?ThemeChange@HWNDElement@DirectUI@@SG?AVUID@@XZ
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?GetExtent@Element@DirectUI@@QAEPBUtagSIZE@@PAPAVValue@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?SetBackgroundStdColor@Element@DirectUI@@QAEJH@Z
?BackgroundProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?CreateGraphic@Value@DirectUI@@SGPAV12@PAUHBITMAP__@@EI_N11@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?LoadFromResource@DUIFactory@DirectUI@@QAEJPAUHINSTANCE__@@PBG1PAVElement@2@PAKPAPAV42@1@Z
?Destroy@Layout@DirectUI@@QAEXXZ
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?Create@FillLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?DoubleBuffered@Element@DirectUI@@QAEX_N@Z
?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?SetActive@Element@DirectUI@@QAEJH@Z
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?Release@Value@DirectUI@@QAEXXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
?Register@HWNDElement@DirectUI@@SGJXZ
?Destroy@Element@DirectUI@@QAEJ_N@Z
??1DUIFactory@DirectUI@@QAE@XZ
??1HWNDElement@DirectUI@@UAE@XZ
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z

magnification

MagSetFullscreenColorEffect
MagSetInputTransform
MagSetWindowTransform
MagSetWindowSource
MagShowSystemCursor
MagSetFullscreenTransform
MagInitialize
MagUninitialize

uiautomationcore

UiaRaiseStructureChangedEvent
UiaRaiseAutomationEvent
UiaClientsAreListening
UiaHostProviderFromHwnd
UiaReturnRawElementProvider

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38ee2e615404d38538e895bfad6aba8a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleacc

comctl32

oleaut32

gdiplus

shell32

ntdll

twinapi

shlwapi

dwmapi

dui70

magnification

uiautomationcore

Sections

.text Size: 233KB - Virtual size: 233KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 15KB - Virtual size: 15KB

.rsrc Size: 499KB - Virtual size: 498KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 233KB - Virtual size: 233KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 499KB - Virtual size: 498KB

.reloc
Size: 11KB - Virtual size: 10KB