Magnify.exe
- File Path:
C:\WINDOWS\system32\Magnify.exe - Description: Microsoft Screen Magnifier
Hashes
| Type | Hash |
|---|---|
| MD5 | BCAB41F69CE78DC3EDBA8C2E51161D44 |
| SHA1 | C402D24FE3E31F8CF5C2BA996686850B391AE031 |
| SHA256 | 66659CB6A0E4BA9EC7581C903D448877B25A7499D576A9D98EC06DE110C42AFA |
| SHA384 | E72D56BAF5837B506456119C3266245A79864E6C92252ABBA3286E8422DEBE1513D0084F269269311F3BE823B6BF492E |
| SHA512 | C6992867202569148BEFFE4CB535E57EAB1660C66491EB3235B9C326CDCE99BD899F37A70CE7FA40459652F5E207E54F78EFF81566D4B13F9C6B12D9EBE39239 |
| SSDEEP | 12288:PHW1rkFR2fE5wlINrrXF1WVFL+isTf9P9AS2Y:e1rTWrrVoqdf9qS2 |
| IMP | 2AAA426C9C60A1CDE1813D7E9180490C |
| PESHA1 | C6F5830F0659966E983F6F713867B7ECC6552987 |
| PE256 | DDFCB179F1885CC70878BB68DCDF37E03AF739B619E1865D6A7A4FAB7FF14CA0 |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: ScreenMagnifier.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/66659cb6a0e4ba9ec7581c903d448877b25a7499d576a9d98ec06de110c42afa/detection
Possible Misuse
The following table contains possible examples of Magnify.exe being misused. While Magnify.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_install_reg_debugger_backdoor.yml | - 'magnify.exe' |
DRL 1.0 |
| sigma | proc_creation_win_stickykey_like_backdoor.yml | - 'Magnify.exe' |
DRL 1.0 |
| sigma | registry_event_stickykey_like_backdoor.yml | - '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe\Debugger' |
DRL 1.0 |
| atomic-red-team | T1546.008.md | * Magnifier: C:\Windows\System32\Magnify.exe |
MIT License. © 2018 Red Canary |
| atomic-red-team | T1546.008.md | | parent_list | Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: “osk.exe” | String | osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe| | MIT License. © 2018 Red Canary |
| signature-base | thor_inverse_matches.yar | description = “Abnormal magnify.exe (Magnifier) - typical strings not found in file” | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | $winxp = “Software\Microsoft\Magnify” wide | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | filename ==”magnify.exe” | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.