Magnify.exe
- File Path:
C:\WINDOWS\SysWOW64\Magnify.exe - Description: Microsoft Screen Magnifier
Hashes
| Type | Hash |
|---|---|
| MD5 | EBFA7BAB73FCF2C9F45E718F901B892F |
| SHA1 | 9FD2E4621C20837A2DCB1F5508756A25A2431EAA |
| SHA256 | 62DE892F7500D2AFD9563B6ABD0EF9F6F6E2C152C43466BD40FA12B5FB55D320 |
| SHA384 | 3CF25D4EB88F4BAE9B805CE57E4FEE3735FAE4B0AC6B56724E4A6F856A85876CBDB871FDFE4F2095531E4A74D9D1A064 |
| SHA512 | 001E7D7F13A2AB338BC726AB68A0F8EB3B7C176A16DC0C6CC2FE3ADFDF49827E9C788EA564A1C70822D791E4E85EE7615D3D6AD6FA9A6A26B26E3C7C97149F6F |
| SSDEEP | 12288:m2DOUG4RYRL9esPjSwUgQgIhHyB2xuLxR9Pu1U:m2CUG4YRUs2wUgQgIhHyB2u2U |
| IMP | 7B855A7887AD8277541E640EFE7EF96B |
| PESHA1 | B3ED7A559194CB3A8AE2E3A73AFB2E1795741AFA |
| PE256 | 7ABFD6B14BD8DE6267794A47FF6BC0B7162B104E84DA696E820A47D4E894EAAC |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: ScreenMagnifier.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/62de892f7500d2afd9563b6abd0ef9f6f6e2c152c43466bd40fa12b5fb55d320/detection
Possible Misuse
The following table contains possible examples of Magnify.exe being misused. While Magnify.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_install_reg_debugger_backdoor.yml | - 'magnify.exe' |
DRL 1.0 |
| sigma | proc_creation_win_stickykey_like_backdoor.yml | - 'Magnify.exe' |
DRL 1.0 |
| sigma | registry_event_stickykey_like_backdoor.yml | - '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe\Debugger' |
DRL 1.0 |
| atomic-red-team | T1546.008.md | * Magnifier: C:\Windows\System32\Magnify.exe |
MIT License. © 2018 Red Canary |
| atomic-red-team | T1546.008.md | | parent_list | Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: “osk.exe” | String | osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe| | MIT License. © 2018 Red Canary |
| signature-base | thor_inverse_matches.yar | description = “Abnormal magnify.exe (Magnifier) - typical strings not found in file” | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | $winxp = “Software\Microsoft\Magnify” wide | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | filename ==”magnify.exe” | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.