bb3b68b69f1a67bdfac3bd2b60e0b808

Sharing

Copy URL

Twitter E-mail

General

Target

bb3b68b69f1a67bdfac3bd2b60e0b808
Size

779KB
MD5

bb3b68b69f1a67bdfac3bd2b60e0b808
SHA1

dbc3b634ff69d8a36c793b71fe7da257d5708bf2
SHA256

7e8188f52fbce5996dcc69ad30add1c334e1dde75b51b7f70f99ff3ad44c4ffc
SHA512

d84bd1762977819fb2304669126ac05346d12c7d5162f0b066aaa7ee8bdb3b1f0b9390f4cb9905a193966babef91e205ba4adc7b4dd81bc7c8e4760f29ee12e6
SSDEEP

6144:/r2vVWhKHkz5gzNOx8XA08bAQGHbI0/tGKv15VucqGHbI0/tGKv15Vuc/vqkT7Hw:j2Y/t8XB04dDuc/04dDuc/vqeWaGJX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb3b68b69f1a67bdfac3bd2b60e0b808

Files

bb3b68b69f1a67bdfac3bd2b60e0b808
.exe windows:6 windows x86 arch:x86

46625447eb49fb24243c1f110857e2bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Magnify.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventUnregister
EventWrite
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
ReleaseMutex
InterlockedExchange
TerminateProcess
GlobalDeleteAtom
GetProcessHeap
HeapAlloc
GetSystemDirectoryW
GetLocaleInfoW
GetCurrentProcessId
FormatMessageW
GlobalAddAtomW
GetTickCount64
GetTickCount
HeapSetInformation
GetModuleHandleW
CompareStringW
Sleep
CreateMutexW
GetLastError
CloseHandle
SetProcessShutdownParameters
GetCurrentProcess
IsProcessInJob
GetCurrentThreadId
RegisterApplicationRestart
UnhandledExceptionFilter

gdi32

CreateBrushIndirect
DeleteObject
CreateBitmap
DeleteDC
SelectObject
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
CombineRgn
MoveToEx
LineTo
CreateSolidBrush
SetTextColor
SetBkMode
GetObjectW
GetStockObject

user32

SetWindowPlacement
FindWindowW
PostMessageW
CallNextHookEx
GetThreadDesktop
GetAsyncKeyState
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
SetForegroundWindow
LoadStringW
GetWindowLongW
GetSystemMetrics
IsRectEmpty
PtInRect
EqualRect
OffsetRect
CopyRect
ShowSystemCursor
GetWindowRect
GetDesktopWindow
GetAncestor
GetMonitorInfoW
MonitorFromPoint
KillTimer
GetUserObjectInformationW
CloseDesktop
GetKeyState
CreatePopupMenu
InsertMenuItemW
CheckMenuRadioItem
TrackPopupMenu
SendInput
WindowFromPhysicalPoint
SetWindowRgn
SetTimer
ShowWindow
SetRect
InflateRect
IntersectRect
UnionRect
IsWindow
DestroyWindow
ClipCursor
IsIconic
MonitorFromRect
GetParent
GetGUIThreadInfo
InvalidateRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
AdjustWindowRect
UpdateWindow
GetPhysicalCursorPos
DefWindowProcW
RegisterClassW
FillRect
SetCursor
SetWindowLongW
GetClientRect
RegisterClassExW
EndPaint
BeginPaint
PostQuitMessage
GetMessagePos
RemovePropW
ord2001
SetMagnificationDesktopColorEffect
SetMagnificationDesktopMagnification
SetPropW
SetLayeredWindowAttributes
CreateWindowExW
SendMessageTimeoutW
GetDoubleClickTime
RealGetWindowClassW
SetWinEventHook
UnhookWinEvent
GetClassNameW
CreateDialogParamW
LoadImageW
SetFocus
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
GetDlgCtrlID
GetSysColor
EnableWindow
MapWindowPoints
MonitorFromWindow
GetDlgItem
RegisterHotKey
GetDC
ReleaseDC
GetForegroundWindow
GetCursorPos
GetWindowThreadProcessId
UpdateLayeredWindow
IsWindowEnabled
GetCapture
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterHotKey
SetRectEmpty
LoadIconW
SendMessageW
SetPhysicalCursorPos
EnumDisplayMonitors
IsWindowVisible
AdjustWindowRectEx
SetWindowPos
GetWindow
LoadCursorW

msvcrt

_wcsicmp
memset
??3@YAXPAX@Z
wcstok
??2@YAPAXI@Z
_purecall
_ftol2_sse
_ftol2
ceil
_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_vsnwprintf

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

comctl32

InitCommonControlsEx
ord345
ord17

oleaut32

VariantInit
VariantClear
SysFreeString

gdiplus

GdiplusStartup
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreatePen1
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneBrush
GdipFillPolygonI
GdipFillRectangleI
GdipDrawPolygonI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeletePen
GdiplusShutdown

shell32

ShellExecuteW
SHAppBarMessage

ntdll

WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmIsOptedIn
WinSqmSetDWORD

shlwapi

StrCmpW
ord628

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled

dui70

?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
InitProcessPriv
UnInitProcessPriv
UnInitThread
InitThread
?GetHWND@NativeHWNDHost@DirectUI@@QAEPAUHWND__@@XZ
??0NativeHWNDHost@DirectUI@@QAE@XZ
??1NativeHWNDHost@DirectUI@@UAE@XZ
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
StrToID
?DestroyWindow@NativeHWNDHost@DirectUI@@QAEXXZ
?EndDefer@Element@DirectUI@@QAEXK@Z
?Initialize@NativeHWNDHost@DirectUI@@QAEJPBG0PAUHWND__@@PAUHICON__@@HHHHHHPAUHINSTANCE__@@I@Z
??1DUIFactory@DirectUI@@QAE@XZ
?Add@Element@DirectUI@@QAEJPAV12@@Z
?LoadFromResource@DUIFactory@DirectUI@@QAEJPAUHINSTANCE__@@PBG1PAVElement@2@PAKPAPAV42@1@Z
??0DUIFactory@DirectUI@@QAE@PAUHWND__@@@Z
?Destroy@Layout@DirectUI@@QAEXXZ
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?Create@FillLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?DoubleBuffered@Element@DirectUI@@QAEX_N@Z
?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?SetActive@Element@DirectUI@@QAEJH@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
?Register@HWNDElement@DirectUI@@SGJXZ
?Release@Value@DirectUI@@QAEXXZ
?GetExtent@Element@DirectUI@@QAEPBUtagSIZE@@PAPAVValue@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
??0HWNDElement@DirectUI@@QAE@XZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?GetKeyFocusedElement@HWNDElement@DirectUI@@SGPAVElement@2@XZ
?GetID@Element@DirectUI@@QAEGXZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?GetLocation@Element@DirectUI@@QAEPBUtagPOINT@@PAPAVValue@2@@Z
?GetClassInfoPtr@CCPushButton@DirectUI@@SGPAUIClassInfo@2@XZ
?Destroy@Element@DirectUI@@QAEJ_N@Z
??1HWNDElement@DirectUI@@UAE@XZ
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?GetClassInfoW@HWNDElement@DirectUI@@UAEPAUIClassInfo@2@XZ
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z

magnification

MagSetWindowTransform
MagSetWindowSource
MagInitialize
MagUninitialize

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 164KB - Virtual size: 428KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46625447eb49fb24243c1f110857e2bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleacc

comctl32

oleaut32

gdiplus

shell32

ntdll

shlwapi

dwmapi

dui70

magnification

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 513KB - Virtual size: 513KB

.reloc Size: 7KB - Virtual size: 6KB

.vmp0 Size: 164KB - Virtual size: 428KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 513KB - Virtual size: 513KB

.reloc
Size: 7KB - Virtual size: 6KB

.vmp0
Size: 164KB - Virtual size: 428KB