Summary | ZeroBOX

NATO%20company.lnk.lnk

GIF Format Lnk Format
Category FILE
Machine s1_win7_x6401
Started Aug. 21, 2024, 3:14 p.m.
Completed Aug. 21, 2024, 3:16 p.m.
Size 182.0KB
Type MS Windows shortcut, Item id list present, Icon number=13, System, Directory, Reparse point, ctime=Thu Dec 12 08:02:54 5275, mtime=Fri Mar 31 01:14:42 5950, atime=Wed Mar 26 14:33:49 7552, length=67504132, window=hide
MD5 1099227fc19bfaab01b509e016079fa0
SHA256 9557bf84b1c63559c3010d5f4ba0f0a56d58cbe0e4e7a50f86ae888206842d19
CRC32 F089639A
ssdeep 3072:LXRwAblQAxtTRMEM8r4ohmJnnL6TPffKaYfRWzPSizmCN1S+zkVJZe:TnblnXTRWGJwnL6bfyH5qKiCfVJZe
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: Access is denied.
console_handle: 0x0000000b
Status: 1, Return: 1, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72c92000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02bf0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
file C:\Users\test22\AppData\Local\Temp\NATO%20company.lnk.lnk
CAT-QuickHeal Exp.LNK.CVE-2010-2568.A
Sangfor Exploit.Win32-LNK.Save.CVE-2010-2568
Avast LNK:CVE-2010-2568 [Expl]
VBA32 Trojan.Link.Crafted
huorong Exploit/CVE-2010-2568.gen
AVG LNK:CVE-2010-2568 [Expl]