Magnify[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Magnify.exe
Size

543KB
MD5

cf1dac1c01357d584c25b66fb335e905
SHA1

c4a8c6b9b6494e65a47579c55da9e46cc6cf5d56
SHA256

37ea0f913951030748d171c4d490ec9267bde60e05e36ebd0d9ef9ae5906de48
SHA512

5459dad1372f6b1ce4fd4f5f1bea56f4aea930df741d123a712da49dd1677ee124f4adacdc6e817723bfe5f164b3e3f76fc1ffa592daed4847406be3768d9c7b
SSDEEP

12288:jWVpBaYH7BfaQpfvy7dgVE9TuzZP3jPa:jUp/H7taQpfvy7dgVE9eG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Magnify.exe

Files

Magnify.exe
.exe windows:10 windows x86 arch:x86

511234e5d1070e8a7ecfcdc52e34928f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Magnify.pdb

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventWriteTransfer
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueW
EventSetInformation
RegEnumValueW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegQueryValueW
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegDeleteTreeW
RegQueryValueExW

kernel32

GetTickCount64
SetProcessShutdownParameters
RegisterApplicationRestart
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexW
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
QueryPerformanceCounter
GlobalAddAtomW
GlobalDeleteAtom
SetEvent
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
WaitForMultipleObjects
ResetEvent
Sleep
HeapSetInformation
OpenMutexW
CompareStringW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
ReleaseSRWLockShared
OpenSemaphoreW
MultiByteToWideChar
HeapDestroy
HeapReAlloc
HeapSize
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
OutputDebugStringW
GetLastError
QueryPerformanceFrequency
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
FormatMessageW
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
SizeofResource
CompareStringOrdinal
OpenJobObjectW
IsProcessInJob
ProcessIdToSessionId
LockResource
CreateThread
FindResourceExW
LoadResource
OOBEComplete
GlobalAlloc
GetLocaleInfoEx
LocalFree
ExpandEnvironmentStringsW
OpenProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
DeleteProcThreadAttributeList
GetFileAttributesW
DeleteFileW
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
InitOnceBeginInitialize
InitOnceComplete
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
InitializeCriticalSection
LoadLibraryW
InterlockedPushEntrySList

gdi32

FillRgn
GetObjectW
CreateCompatibleDC
DeleteDC
LineTo
MoveToEx
SelectObject
GetStockObject
CreateSolidBrush
CreateBrushIndirect
CreateBitmap
DeleteObject
CombineRgn
CreateRectRgn

user32

MapVirtualKeyExW
EndDeferWindowPos
DeferWindowPos
SendMessageW
LoadIconW
SetPhysicalCursorPos
UnregisterClassA
SetFullscreenMagnifierOffsetsDWMUpdated
AdjustWindowRectExForDpi
MapWindowPoints
GetPointerFrameInfoHistory
GetPointerInfo
GetWindowTextW
GetWindowThreadProcessId
ShowWindow
InvalidateRect
GetCursorPos
SetWindowRgn
SetWindowPos
GetSysColor
GetClientRect
SetWinEventHook
SetLayeredWindowAttributes
LoadCursorW
SetActiveWindow
EndPaint
BeginPaint
GetPointerDeviceRects
GetParent
GetDoubleClickTime
SetWindowLongW
SetRect
BeginDeferWindowPos
DefWindowProcW
MonitorFromRect
RegisterClassExW
UnionRect
RegisterPointerDeviceNotifications
CreateWindowExW
GetPhysicalCursorPos
DestroyWindow
IsWindow
ClipCursor
EnumDisplayMonitors
KillTimer
SystemParametersInfoW
SetTimer
GetProcessDefaultLayout
GetPointerDevices
CopyRect
GetFocus
SetFocus
GetKeyState
GetShellWindow
SendNotifyMessageW
SetDesktopColorTransform
CallNextHookEx
SetWindowsHookExW
DestroyCursor
SendMessageTimeoutW
SetRectEmpty
GetClassNameW
GetForegroundWindow
IsIconic
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
OpenInputDesktop
UpdateWindow
SetSystemCursor
GetWindowRgn
UnregisterHotKey
RegisterHotKey
GetAsyncKeyState
InflateRect
GetMonitorInfoW
MonitorFromPoint
SendInput
PtInRect
OffsetRect
IsRectEmpty
GetKeyboardLayout
WindowFromPhysicalPoint
ReleaseDC
UpdateLayeredWindow
LoadImageW
GetDC
RegisterClassW
FillRect
SetCursor
GetMessagePos
RemovePropW
SetPropW
SetWindowPlacement
GetGUIThreadInfo
GetWindowRect
GetDesktopWindow
EqualRect
RealGetWindowClassW
IsWindowVisible
UnhookWinEvent
IntersectRect
GetAncestor
GetWindowLongW
GetSystemMetrics
UnhookWindowsHookEx
PostMessageW
FindWindowW
LoadStringW
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
AdjustWindowRectEx
GetWindow
GetDpiForWindow

msvcp_win

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Xbad_function_call@std@@YAXXZ
_Thrd_id
_Thrd_join
_Mtx_unlock
_Mtx_lock
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
_Thrd_detach

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__CIatan2
_o__CIcos
_o__CIfmod
_o__CIlog
_o__CIpow
_o__CIsin
_o__CIsqrt
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__hypot
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o___stdio_common_vsnprintf_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_ceil
_o_exit
_o_floor
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o_wcstok_s
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler3
wcschr
wcsrchr
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset
wcsspn
memmove_s
wcscspn
wcsncmp

ole32

CoWaitForMultipleObjects
CoInitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
RoGetAgileReference

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

comctl32

InitCommonControlsEx
ord17

oleaut32

SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysAllocString
VariantInit
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo

gdiplus

GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipFillRectangle
GdipCloneBrush
GdipCreateFontFamilyFromName
GdipFree
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipDeleteFont
GdipSetTextRenderingHint
GdipAlloc
GdipStringFormatGetGenericTypographic

shell32

SHGetKnownFolderPath
SHAppBarMessage
ShellExecuteW

ntdll

RtlPublishWnfStateData
NtQueryWnfStateData
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmIncrementDWORD
WinSqmAddToStream

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute

magnification

MagUninitialize
MagInitialize
MagSetInputTransform
MagSetLensUseBitmapSmoothing
MagSetWindowTransform
MagSetWindowSource
MagSetFullscreenUseBitmapSmoothing
MagSetFullscreenColorEffect
MagSetFullscreenTransform
MagShowSystemCursor

uiautomationcore

UiaClientsAreListening
UiaRaiseStructureChangedEvent
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-crt-math-l1-1-0

_isnan
_finite

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

511234e5d1070e8a7ecfcdc52e34928f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ole32

oleacc

comctl32

oleaut32

gdiplus

shell32

ntdll

dwmapi

magnification

uiautomationcore

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 498KB - Virtual size: 497KB

.data Size: 5KB - Virtual size: 7KB

.idata Size: 13KB - Virtual size: 13KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 498KB - Virtual size: 497KB

.data
Size: 5KB - Virtual size: 7KB

.idata
Size: 13KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 22KB - Virtual size: 21KB