Report - INF0_PAY_SCAN1ND_840387637829464535_pdf.lnk

Created 2024.09.12 11:15 Machine s1_win7_x6402
Filename INF0_PAY_SCAN1ND_840387637829464535_pdf.lnk
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Working directory, Has command line arguments, Icon number=13, Archive, ctime=Fri May 24 04:15:12 2024, mtime=Fri May 24 04:15:12 2024, atime=Fri May 24
AI Score Not found
Behavior Score 1.6
ZERO API file : clean
VT API (file) 10 detected (DarkMe, WinLNK, Detected, Eldorado, Agow)
md5 825ccb1ffa07afa207ec10d5f9571d95
sha256 fd924377beb9fc9f7954ff3ca5109858aef87f16805fa78a39d3b05e5d15f5fc
ssdeep 24:87JbmOuNVz1A4UPAdRd8lIeYk+RGYYqVgqe7ab/rMTcm:871mjNVze4lDdlkoBhe7ab4c

Signature (4cnts)

Level Description
watch File has been identified by 10 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a shortcut to an executable file
info Command line console output was observed

Rules (2cnts)

Level | Name | Description | Collection
info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (upload)
info | Lnk_Format_Zero | LNK Format | binaries (upload)

Network (0cnts)
