Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

1B0S_YS63093BVSA_URDSGA_pdf.lnk

GIF Format Lnk Format

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 12, 2024, 11:12 a.m.	Sept. 12, 2024, 11:14 a.m.

Size	1.2KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Working directory, Has command line arguments, Icon number=13, Archive, ctime=Fri May 24 04:15:12 2024, mtime=Fri May 24 04:15:12 2024, atime=Fri May 24 04:15:12 2024, length=987136, window=hidenormalshowminimized
MD5	`825ccb1ffa07afa207ec10d5f9571d95`
SHA256	`fd924377beb9fc9f7954ff3ca5109858aef87f16805fa78a39d3b05e5d15f5fc`
CRC32	`215E64D4`
ssdeep	`24:87JbmOuNVz1A4UPAdRd8lIeYk+RGYYqVgqe7ab/rMTcm:871mjNVze4lDdlkoBhe7ab4c`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "afiBgqQhAnHnJC" C:\Users\test22\AppData\Local\Temp\1B0S_YS63093BVSA_URDSGA_pdf.lnk
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Sept. 12, 2024, 11:12 a.m.	buffer: The system cannot find the file C:\Users\test22\AppData\Local\Temp\1B0S_YS63093BVSA_URDSGA_pdf.lnk. console_handle: 0x0000000b	1	1	0

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 12, 2024, 11:12 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c22000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 12, 2024, 11:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ad0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\1B0S_YS63093BVSA_URDSGA_pdf.lnk

File has been identified by 10 AntiVirus engines on VirusTotal as malicious (10 events)

ESET-NOD32	LNK/TrojanDownloader.Agent.CAO
Avast	LNK:DarkMe-F [Drp]
Kaspersky	HEUR:Trojan.WinLNK.Agent.gen
Google	Detected
ZoneAlarm	HEUR:Trojan.WinLNK.Agent.gen
Varist	LNK/Agent.GP.gen!Eldorado
Ikarus	Trojan-Downloader.LNK.Agent
Tencent	Win32.Trojan-Downloader.Der.Agow
AVG	LNK:DarkMe-F [Drp]
alibabacloud	Trojan[downloader]:Win/Agent.CMX