Report - KeyActivation-GLEO.FUN.lnk

Generic Malware Antivirus Lnk Format GIF Format
Created 2025.04.02 09:48
Machine s1_win7_x6401
Filename KeyActivation-GLEO.FUN.lnk
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Feb 5 04:09:11 2025, mtime=Sun Mar 16 20:50:37 2025, atime=Wed Feb 5 04:09:
AI Score Not found
Behavior Score 1.6
ZERO API file : clean
VT API (file) 12 detected (Malcode, a variant of Generik, QUSDUP, LNKEXEC, WinLNK, IRT633, Jmnw)
md5 d6c471d75a7d9e707349988639f9aa69
sha256 deb98936aad91a2805108a839ad5083a043efa1045dd92869d7a00036bcd771a
ssdeep 48:8kryrp1OkZP66L7T8r39bILvvalLq+ucU:8kryrp1x66L7or39b2Iq+6
imphash
impfuzzy

Signature (4cnts)

Level Description
watch File has been identified by 12 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a shortcut to an executable file
info Command line console output was observed

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (upload)
info lnk_file_format Microsoft Windows Shortcut File Format binaries (upload)
info Lnk_Format_Zero LNK Format binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids
