Report - client_upd.lnk

Generic Malware AntiDebug AntiVM Lnk Format GIF Format

ScreenShot

Info
Location map


Created	2023.09.08 16:12	Machine	s1_win7_x6402
Filename	client_upd.lnk
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=79, Archive, ctime=Sat Dec 7 00:09:57 2019, mtime=Sat Sep 2 07:33:26 2023, atime=Sat Dec 7 00:0
AI Score	Not founds	Behavior Score	2.4
ZERO API	file : clean
VT API (file)	5 detected (gen111, WinLNK, LnkObf, Powedon, Detected)
md5	b67e9a5be90034b0814412603f5ba09e
sha256	82a78bf48a26c07f60ae2cc035992894bf8584e28c881c32b19ce620fa10c8fa
ssdeep	24:8XoEMu4JPpyA1k8WfyMUIsyMb+UHKb+/4Y5ws4flBsaW/ab/2XTfm:8X/Mum7IYgLflBsnab2jf
imphash
impfuzzy

Network IP location

Signature (6cnts)

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	File has been identified by 5 AntiVirus engines on VirusTotal as malicious
notice	Yara rule detected in process memory
info	Command line console output was observed

Rules (11cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
info	anti_dbg	Checks if being debugged	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	lnk_file_format	Microsoft Windows Shortcut File Format	binaries (upload)
info	Lnk_Format_Zero	LNK Format	binaries (upload)
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure