ScreenShot
| Created | 2023.09.18 11:30 | Machine | s1_win7_x6401 |
| Filename | XMYFCPT9speAh98pdf.lnk | ||
| Type | MS Windows shortcut, Item id list present, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (Save, gen20, Malicious, score, WinLNK, Runner, VPUW, Phonzy, Detected, Outbreak) | ||
| md5 | 6d164ac8281441a98190607ceff43264 | ||
| sha256 | 149dc877de7fe63d793d487b91c9325cfd99a0d17916d364054fbba5db375123 | ||
| ssdeep | 24:8D4OAiKDqaAPHxkQgjaxoAzicEu7O40u85nITfC4ZkaClc:8/AiBng3dFITfP2asc | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | Creates a shortcut to an executable file |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Command line console output was observed |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (upload) |
| info | Lnk_Format_Zero | LNK Format | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|